Introduction
The CompTIA A+ certification requires a broad set of knowledge, and it covers more topics than many
industry certifications. It’s no surprise that the A+ certification has become one of the most sought-after
industry certifications by both aspiring technologists and employers.

I hope this book helps you with your “last mile” of studies before taking your exam. There’s a lot to
remember, and perhaps some of the information in this book will help jog your memory while you’re sitting
in the exam room. Best of luck with your studies!

- Professor Messer


The CompTIA A+ Certification 


CompTIA’s A+ certification is considered to be the starting point for information technology professionals. 
Earning the A+ certification requires the completion of two exams and covers a broad range of technology 
topics. After completing the CompTIA A+ certification, an A+ certified professional will have an understanding 
of computer hardware, mobile devices, networking, operating systems, security techniques, and much more. 


The current series of the A+ certification is based on the successful completion of the 220-1101 and the 
220-1102 exams. You must pass both exams to earn your CompTIA A+ certification. This book provides a set 
of notes for the 220-1102 Core 2 exam. 


The 220-1102 Core 2 exam 
The 220-1102 exam objectives are focused on operating systems, with over half of the exam detailing 
operating systems and the troubleshooting of software. 


Here’s the breakdown of the four 220-1102 exam domains:
Domain 1.0 - Operating Systems - 31%
Domain 2.0 - Security - 25%
Domain 3.0 - Software Troubleshooting - 22%
Domain 4.0 - Operational Procedures - 22%


Study Tips

Exam Preparation
• Download the exam objectives, and use them as a master checklist: http://www.ProfessorMesser.com/objectives
• Use as many training materials as possible. Books, videos, and Q&A guides can all provide a different perspective of the same information.
• It's useful to have as much hands-on as possible, especially with network troubleshooting and operating system command prompts.

Taking the Exam
• Use your time wisely. You've got 90 minutes to get through everything.
• Choose your exam location carefully. Some sites are better than others.
• Get there early. Don't stress the journey.
• Manage your time wisely. You've got 90 minutes to get through everything.
• Wrong answers aren't counted against you. Don't leave any blanks!
• Mark difficult questions and come back later. You can answer the questions in any order.
Windows on the Core 2 exam
• 220-1102 exam released in January 2022
— Two Windows versions available
— Windows 10 and Windows 11
• CompTIA considers all in-support Windows versions to be in scope for the exam
— Mainstream support is 5 years after release
• Windows versions are listed in the objectives
— Everything else includes both Windows 10 and 11
• Fortunately, these are remarkably similar
— Once you know one, you effectively know the other!

Windows 10
• Released on July 29, 2015 - We skipped Windows 9
• A single platform
— Desktops, laptops, tablets, phones, all-in-one devices
• Ongoing updates
— More than twelve different released versions
— November 2021 (Version 21H2)

Windows 10 Home
• Home user - Retail sales
• Integration with Microsoft account
— Microsoft OneDrive backup
• Windows Defender
— Anti-virus and anti-malware
• Cortana - Talk to your operating system

Windows 10 Pro
• The business version of Windows
— Additional management features
• Remote Desktop host
— Remote control each computer
• BitLocker - Full disk encryption (FDE)
• Join a Windows domain
— Group Policy management

Windows 10 Pro for Workstations
• An edition for high-end desktops
— Enhanced performance and storage options
• More physical CPUs - Up to four
• High maximum RAM - Supports up to 6 TB
• Support for ReFS - Resilient File System
— Same as Windows Server

Windows 10 Enterprise
• Built for large implementations
— Volume licensing
• AppLocker - Control what applications can run
• BranchCache - Remote site file caching
• Granular User Experience (UX) control
— Define the user environment
— Useful for kiosk and workstation customization

Windows 10 Minimum Requirements

| Component       | x86                                                                        | x64                                                                        |
|-----------------|----------------------------------------------------------------------------|----------------------------------------------------------------------------|
| Processor / CPU | 1 GHz processor or faster                                                  | 1 GHz processor or faster                                                  |
| Memory          | 1 GB RAM                                                                   | 2 GB RAM                                                                   |
| Free disk space | 32 GB or larger                                                            | 32 GB or larger                                                            |
| Video           | Microsoft DirectX 9 graphics device with WDDM driver, minimum of 800 x 600 | Microsoft DirectX 9 graphics device with WDDM driver, minimum of 800 x 600 |

Windows 10 Edition comparison

| Edition              | Remote Desktop  | Domain Access | Group Policy Management | Max x86 RAM | Max x64 RAM |
|----------------------|-----------------|---------------|-------------------------|-------------|-------------|
| Home                 | Client only     |               |                         |             |             |
| Pro                  | Client and Host | ✓             | ✓                       | 4 GB        | 2 TB        |
| Pro for Workstations | Client and Host | ✓             | ✓                       | 4 GB        | 6 TB        |
| Enterprise           | Client and Host | ✓             | ✓                       | 4 GB        | 6 TB        |

1.1 - Windows Features

Windows at work
• Large-scale support
— Thousands of devices
• Security concerns
— Mobile devices with important data
— Local file shares
• Working on a spreadsheet
— Watching a movie
• Geographical sprawl - Cache data between sites

Domain Services
• Active Directory Domain Services
— Large database of your network
• Distributed architecture
— Many servers - Not suitable for home use
• Everything documented in one place
— User accounts, servers, volumes, printers
• Many different uses
— Authentication, centralized management
1.1 - Windows Features (continued)

Organizing network devices
• Windows Workgroups
— Logical groups of network devices
— Each device is a standalone system, everyone is a peer
• Windows Domain
— Business network
— Centralized authentication and device access
— Supports thousands of devices across many networks

Desktop styles
• Your computer has many different uses
— Those change depending on where you are
• Work
— Standard desktop
— Common user interface
— Customization very limited
— You can work at any computer
• Home
— Complete flexibility
— Background photos, colors, UI sizing

Availability of RDP
• Remote Desktop Protocol
— View and control the desktop of a remote device
• RDP client
— Connects to a Remote Desktop Service
— Clients available for almost any operating system
• Remote Desktop Service
— Provides access for the RDP client
— Available in Windows 10 Pro and Enterprise
— Not available in Windows 10 Home

RAM support limitations
• RAM support varies between editions
— More advanced editions allow additional RAM

BitLocker and EFS
• Data confidentiality
— Encrypt important information
• Encrypting File System
— Protect individual files and folders
— Built-in to the NTFS file system
• BitLocker
— Full Disk Encryption (FDE)
— Everything on the drive is encrypted
— Even the operating system
• Home and business use
— Especially on mobile devices

Group Policy editor
• Centrally manage users and systems
— Policies can be part of Active Directory or a local system
• Local Group Policy
— Manages the local device
— gpedit.msc
• Group Policy Management Console
— Integrated with Active Directory
— Powerful system management
— gpmc.msc

1.1 - Windows Upgrades

Why upgrade?
• Upgrade vs. Install
— Upgrade - Keep files in place
— Install - Start over completely fresh
• Maintain consistency
— Customized configurations
— Multiple local user accounts
• Upgrades save hours of time
— Avoid application reinstall
— Keep user data intact
— Get up and running quickly

Upgrade methods
• In-place
— Upgrade the existing OS
— Keeps all applications, documents, and settings
— Start the setup from inside the existing OS
• Clean install
— Wipe everything and reload
— Back up your files
— Start the setup by booting from the installation media

Upgrading Windows
• Upgrade from the Windows installation media
— Downloadable versions are available from Microsoft
— Includes a media creation tool
• You cannot upgrade x86 to x64
— Or x64 to x86
— Applies to all Windows versions
— You'll have to migrate instead

© 2022 Messer Studios, LLC

https://www.ProfessorMesser.com


1.1 - Windows Upgrades (continued)

Upgrade paths
• Many upgrades are between similar editions
— Or higher-level Windows editions
• In-place upgrade paths to Windows 10
— Windows 7, Windows 8.1 (not Windows 8.0)
• In-place upgrade paths to Windows 11
— Windows 10

Post-installation
• Does it work?
— If it doesn’t boot, there are bigger problems
• Some testing is useful for unknown hardware configurations
— Start » Settings » System » Recovery » Go back
• Additional installations
— Service packs, security patches, security applications, driver updates, application updates


1.2 - Windows Command Line Tools

Privileges
• Not all users can run all commands
— Some tasks are for the administrator only
• Standard privileges
— Run applications as normal user
— This works fine for many commands
• Administrative/elevated privileges
— You must be a member of the Administrators group
— Right-click Command Prompt, choose Run as Administrator
— cmd, Ctrl+Shift+Enter

Command line troubleshooting
• Use “help” if you're not sure
> help dir
> help chkdsk
• Also use:
[command] /?
— Close the prompt with exit

File management
• dir
— List files and directories
• cd / chdir
— Change working directory
— Use backslash \ to specify volume or folder name
— .. (two dots/periods)
— The folder above the current folder
• md / mkdir
— Make a directory
• rd / rmdir
— Remove directory

Drive letters
• Each partition is assigned a letter
— Primary storage drive is usually C
• Reference the drive with the letter and a colon
— C:
• Combine with the folder
— Folder names are separated with backslashes
— C:\Users\professor

hostname
• View the name of the device
— This is very useful when there are 10 different terminal screen tabs in use
• This is the Windows Device name
— Name can be changed in the System settings

format
• Formats a disk for use with Windows
• format c:

copy (/v, /y)
• Copy files from one location to another
— /v - Verifies that new files are written correctly
— /y - Suppresses prompting to confirm you want to overwrite an existing destination file

xcopy
• Copies files and directory trees
— xcopy /s Documents m:\backups

Robust Copy
• robocopy
— A better Xcopy
— Included with Windows 10 and 11

Managing Group Policy
• Group Policy
— Manage computers in an Active Directory Domain
— Group Policy is usually updated at login
• gpupdate
— Force a Group Policy update
— gpupdate /target:(computer|user) /force
— gpupdate /target:professor /force
• gpresult
— Verify policy settings for a computer or user
— gpresult /r
— gpresult /user sgc/professor /v
1.2 - Windows Command Line Tools (continued)

shutdown
• Shutdown a computer
— And optionally restart
• shutdown /s /t nn
— Wait nn seconds, then shutdown
• shutdown /r /t nn
— Shutdown and restart after nn seconds
• shutdown /a
— Abort the countdown!

sfc
• System File Checker
— Scan integrity of all protected system files
• sfc /scannow

Check Disk
• chkdsk /f
— Fixes logical file system errors on the disk
• chkdsk /r
— Locates bad sectors and recovers readable information
— Implies /f
• If volume is locked, run during startup

DiskPart
• Manage disk configurations
— diskpart - start the DiskPart command interpreter

winver
• View the About Windows dialog
— A quick check
• Useful when troubleshooting
— Are you running the latest version?


1.2 - The Windows Network Command Line

ipconfig
• Most of your troubleshooting starts with your IP address
— Ping your local router/gateway
• Determine TCP/IP and network adapter information
— And some additional IP details
• View additional configuration details
— DNS servers, DHCP server, etc.

ping
• Test reachability
— Determine round-trip time
— Uses Internet Control Message Protocol (ICMP)
• One of your primary troubleshooting tools
— Can you ping the host?

net
• Windows network commands
• View network resources
— net view \\<servername>
— net view /workgroup:<workgroupname>
• Map a network share to a drive letter
— net use h: \\<servername>\<sharename>
• View user account information and reset passwords
— net user <username>
— net user <username> * /domain

tracert
• Determine the route a packet takes to a destination
— Map the entire path
• Takes advantage of ICMP Time to Live Exceeded message
— The time in TTL refers to hops, not seconds or minutes
— TTL=1 is the first router, TTL=2 is the second router, etc.
• Not all devices will reply with ICMP Time Exceeded
— Some firewalls filter ICMP
— ICMP is low-priority for many devices

netstat
• Network statistics
— Many different operating systems
• netstat -a
— Show all active connections
• netstat -b
— Show binaries (Windows)
• netstat -n
— Do not resolve names
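Added example (not from the course notes): a short Python script that parses netstat -ano output into rows and lists the ports that are listening on every interface but are not in an expected baseline, which is how a technician turns the raw listing into a quick check for an unexpected listener. The netstat listing, the PIDs and the baseline ports are constructed for the example; the -o column (owning PID) is the one that lets you match a listener to a process in Task Manager.

```python
"""Triage of netstat -ano output: which ports listen on every interface and which
process owns them. Added example; the listing, PIDs and baseline are constructed."""
import re

# Constructed netstat -ano output in the Windows column layout:
# Proto, Local Address, Foreign Address, State (TCP only), PID
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1188
  TCP    0.0.0.0:9001           0.0.0.0:0              LISTENING       5120
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       2216
  TCP    192.168.1.20:49702     203.0.113.10:443       ESTABLISHED     3344
  UDP    0.0.0.0:5353           *:*                                    1460
"""

# Ports this constructed workstation baseline expects to see listening
EXPECTED_LISTENERS = {135, 445, 3389}

LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)


def parse_netstat(text):
    """Return one dict per socket line; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        host, _, port = match.group("local").rpartition(":")  # keeps [::] addresses intact
        rows.append({
            "proto": match.group("proto"),
            "host": host,
            "port": int(port),
            "remote": match.group("remote"),
            "state": match.group("state") or "",  # UDP rows carry no state column
            "pid": int(match.group("pid")),
        })
    return rows


def listening_ports(rows):
    """Map port -> (bound address, PID) for TCP LISTENING sockets and all UDP sockets."""
    listeners = {}
    for row in rows:
        if row["proto"] == "TCP" and row["state"] != "LISTENING":
            continue
        listeners[row["port"]] = (row["host"], row["pid"])
    return listeners


def unexpected_listeners(rows, expected=EXPECTED_LISTENERS):
    """Ports bound to all interfaces (0.0.0.0 or [::]) that are not in the baseline.
    Loopback-only listeners are ignored: they cannot be reached from the network."""
    return sorted(
        port for port, (host, _pid) in listening_ports(rows).items()
        if host in ("0.0.0.0", "[::]") and port not in expected
    )


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    for port in unexpected_listeners(rows):
        host, pid = listening_ports(rows)[port]
        print(f"unexpected listener: port {port} on {host}, owning PID {pid}")
```

On a real machine you would feed the script the saved output of netstat -ano and keep the baseline in a file; the loopback exclusion is deliberate, since a service bound only to 127.0.0.1 is not exposed to the network.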
Flavors of traceroute
• Not all traceroutes are the same
— Minor differences in the transmitted payload
• Windows commonly sends ICMP echo requests
— Receives ICMP time exceeded messages
— And an ICMP echo reply from the final/destination device
— Unfortunately, outgoing ICMP is commonly filtered
• Linux, Unix, macOS, etc.
— Some operating systems allow you to specify the protocol
• IOS devices send UDP datagrams over port 33434
— The port number can be changed with extended options
— The mechanics of traceroute

nslookup
• Lookup information from DNS servers
— Canonical names, IP addresses, cache timers, etc.
• Lookup names and IP addresses
— Many different options

1.2 - Windows in the Enterprise (continued)

pathping
• Combine ping and traceroute
— Included with Windows NT and later
• First phase runs a traceroute
— Build a map
• Second phase
— Measure round trip time and packet loss at each hop
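Added example, not part of the course notes: a Python model of the two phases described for tracert and pathping, hop discovery by raising the TTL one at a time, then per-hop loss measurement over many probes. The four-hop path, its addresses and its loss behaviour are constructed; one router filters ICMP Time Exceeded (it shows as * in every probe) and one drops every fourth packet it forwards, so the loss it causes also appears at every hop beyond it, exactly the pattern you read off real pathping output.

```python
"""Model of how tracert discovers a path hop by hop and how pathping measures
loss per hop. Added example; the path below is constructed (RFC 5737 and
private address space), not a real trace."""
from dataclasses import dataclass


@dataclass
class Hop:
    address: str
    replies_to_ttl_exceeded: bool = True  # False: the device/firewall filters ICMP Time Exceeded
    drop_every_nth: int = 0               # 0 = lossless; N = drops every Nth packet it receives


# Constructed path from the client to a destination server
PATH = [
    Hop("192.168.1.1"),                                # local router/gateway
    Hop("10.20.0.1", drop_every_nth=4),                # ISP edge router with 25% loss
    Hop("10.20.99.1", replies_to_ttl_exceeded=False),  # core router that filters ICMP
    Hop("203.0.113.10"),                               # destination host
]


def send_probe(path, ttl, seq):
    """Forward one ICMP echo request with the given TTL.

    Returns the address that answered, or None for a timeout (tracert prints *).
    seq numbers the probes so a lossy hop drops a deterministic share of them.
    """
    for index, hop in enumerate(path):
        if hop.drop_every_nth and seq % hop.drop_every_nth == 0:
            return None                      # packet lost at this hop
        if index == len(path) - 1:
            return hop.address               # the destination sends an echo reply
        ttl -= 1                             # every router decrements TTL by one
        if ttl == 0:                         # expired here: TTL=N reaches router N
            return hop.address if hop.replies_to_ttl_exceeded else None
    return None


def tracert(path, probes_per_hop=3, max_hops=30):
    """Phase one: raise the TTL until the destination answers, building the map.
    Returns a list of (ttl, [reply, reply, reply]) with * for timeouts."""
    route = []
    seq = 0
    destination = path[-1].address
    for ttl in range(1, max_hops + 1):
        replies = []
        for _ in range(probes_per_hop):
            seq += 1
            replies.append(send_probe(path, ttl, seq) or "*")
        route.append((ttl, replies))
        if destination in replies:
            break
    return route


def pathping(path, probes_per_hop=100):
    """Phase two: send many probes to each discovered hop and report loss in percent.
    A hop that never answered in phase one is reported as * with 100% loss."""
    report = []
    for ttl, replies in tracert(path):
        if all(reply == "*" for reply in replies):
            report.append((ttl, "*", 100.0))
            continue
        address = next(reply for reply in replies if reply != "*")
        lost = sum(1 for seq in range(1, probes_per_hop + 1)
                   if send_probe(path, ttl, seq) is None)
        report.append((ttl, address, 100.0 * lost / probes_per_hop))
    return report


if __name__ == "__main__":
    for ttl, replies in tracert(PATH):
        print(f"{ttl:>3}  {'  '.join(replies)}")
    for ttl, address, loss in pathping(PATH):
        print(f"hop {ttl}: {address:<14} loss {loss:.0f}%")
```

The report shows 25% loss at hop 2 and again at hop 4 although the destination itself drops nothing: the second phase measures every probe that crosses the lossy ISP hop, which is why pathping is read by comparing consecutive hops rather than by looking at one line in isolation.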


1.3 - Task Manager

Task Manager
• Real-time system statistics
— CPU, memory, disk access, etc.
• Starting the Task Manager
— Ctrl-Alt-Del, select Task Manager
— Right mouse click the taskbar and select Task Manager
— Ctrl-Shift-Esc

Services
• Non-interactive applications
— Hundreds of background processes
• Manage from one screen
— Start, stop, restart

Startup
• Manage which programs start with a Windows login
— Easily toggle on and off
• Multiple reboots
— Enable and disable
— You'll find it

Processes
• View all running processes
— Interactive and system tray apps
— View processes from other accounts
• Manage the view
— Move columns, add metrics
• Combine all apps, processes, and services into a single tab
— Easy to view and sort

Performance
• What's happening? - CPU, memory, etc.
• Statistical views - Historical, real-time
• Newer versions include CPU, memory, disk, Bluetooth, and network in the Performance tab

Networking
• Network performance
— Integrated into the Performance tab
• View utilization, link speeds, and interface connection state

Users
• Who is connected? What are they doing?
• Other options
— Disconnect a user, manage user accounts


1.3 - The Microsoft Management Console

Microsoft Management Console
• Build your own console
— mmc.exe
• A handy starting point
— Event Viewer
— Local Users and Groups
— Disk management
— Task Scheduler
— And more!

Event Viewer
• Central event consolidation
— What happened?
• Application, Security, Setup, System
• Information, Warning, Error, Critical, Successful Audit, Failure Audit
• eventvwr.msc

Disk Management
• Manage disk operations
— Individual computers and file servers
• diskmgmt.msc
• WARNING
— YOU CAN ERASE DATA
— ALWAYS HAVE A BACKUP

Task Scheduler
• Schedule an application or script
— Plan your future
• Includes predefined schedules
— Click and go
• Organize
— Manage with folders
• taskschd.msc
1.3 - The Microsoft Management Console (continued)

Device Manager
• The OS doesn't know how to talk directly to most hardware
• Device drivers are hardware specific and operating system specific
— Older device drivers may not necessarily work in Windows 10 or 11
• devmgmt.msc

Certificate Manager
• View user and trusted certs
— Add and remove
• certmgr.msc

Local users and groups
• Users
— Administrator - the Windows super-user
— Guest - Limited access
— “Regular” Users
• Groups
— Administrators, Users, Backup Operators, Power Users, etc.
• lusrmgr.msc

Performance Monitor
• Gather long-term statistics
— perfmon.msc
• OS metrics
— Disk, memory, CPU, etc.
• Set alerts and automated actions
— Monitor and act
• Store statistics
— Analyze long-term trends
• Built-in reports
— View the data

Group Policy Editor
• Centrally manage users and systems
— Policies can be part of Active Directory or a local system
• Local Group Policy Editor
— Manages the local device
— gpedit.msc
• Group Policy Management Console
— Integrated with Active Directory
— Powerful system management
— gpmc.msc


1.3 - Additional Windows Tools

System Information
• System overview
— msinfo32.exe
• Hardware Resources
— Memory, DMA, IRQs, conflicts
• Components
— Multimedia, display, input, network
• Software Environment
— Drivers, print jobs, running tasks

Resource Monitor
• Detailed real-time view of performance
— Separated by category
• Categories
— Overview, CPU, Memory, Disk, and Network
• resmon.exe

System Configuration
• Manage boot processes, startup, services, etc.
— One-stop shop
• msconfig.exe

Disk Cleanup
• Find unused or unneeded files
— A quick way to free up space
• Select the categories
— Click the button
• cleanmgr.exe

Professor Messer's CompTIA 220-1102 A+ Course Notes - Page 6

defrag
• Disk defragmentation
— Moves file fragments so they are contiguous
— Improves read and write time
• Not necessary for solid state drives
— Windows won't defrag an SSD
• Graphical version in the drive properties
• Requires elevated permissions
— Command line:
— defrag <volume>
— defrag C:

regedit.exe
• The Windows Registry Editor
— The big huge master database
— Hierarchical structure
• Used by almost everything
— Kernel, Device drivers
— Services
— Security Account Manager (SAM)
— User Interface, Applications
• Back up your registry!
— Built into regedit
1.4 - The Windows Control Panel

Internet Options
• General - Basic display
• Security - Different access based on site location
• Privacy - Cookies, pop-up blocker, InPrivate browsing
• Content - Certificates and auto-complete
• Connections - VPN and proxy settings
• Programs - Default browser, plugins, etc.
• Advanced - Detailed configuration options (and reset!)

Devices and Printers
• Everything on the network
— Desktops, laptops, printers, multimedia devices, storage
• Quick and easy access
— Much less complex than Device Manager
— Properties, device configurations

Programs and Features
• Installed applications - Uninstall, size, version
• Windows features - Enable and disable

Network and Sharing Center
• All network adapters - Wired, wireless, etc.
• All network configs
— Adapter settings, network addressing

System
• Computer information - Including version and edition
• Performance - Virtual memory
• Remote settings
• System protection

Windows Defender Firewall
• Protect from attacks - Scans, malicious software
• Integrated into the operating system
• Control Panel > Windows Firewall

Mail
• Icon does not appear unless a mail client, e.g., Outlook, is installed
— Otherwise not an option
• Access to local mail configuration
— Account information, data files

Sound
• Output options - Multiple sound devices may be available
• Set levels for output and input
— Speakers and microphone

User Accounts
• Local user accounts
— Domain accounts are stored elsewhere
• Account name and type
• Change password
• Change picture
• Certificate information

Device Manager
• The OS doesn't know how to talk directly to most hardware - You need drivers
• Manage devices - Add, remove, disable
• First place to go when hardware isn't working
— Instant feedback

Indexing Options
• Speed up the search process
— Constantly updates an index
• Searches browser history and user folders
— Good default options
• Add other locations
— Modify to include other folders

File Explorer Options
• Manage Windows Explorer - Many options
• General - Windows, expand folders
• View - View hidden files, hide extensions
• Search
— Disable index searches, search non-indexed areas

Administrative Tools
• Not commonly used utilities
— Used for system administration
• Useful system tools
— Often used options for system administrators and technicians

Power Options
• Hibernate
— Open docs and apps are saved to disk
— Common on laptops - Used by Fast Startup
• Power plans
— Customize power usage
• Sleep (standby)
— Open apps are stored in memory
— Save power, startup quickly
— Switches to hibernate if power is low
• Choose what closing the lid does
— Useful for docking stations
• USB selective suspend
— Disable individual USB devices
— Save power
— Fingerprint readers, biometrics
• Fast startup
— Enable or disable - Useful for troubleshooting

Ease of Access Center
• Usability enhancements - Useful for everyone
• Change display, keyboard, mouse, and other input/output options
— Use Windows without a display
— Change the mouse pointers
1.5 - Windows Settings

[Screenshot: the Windows Settings home page, showing the account header (Microsoft account, OneDrive backed up, Windows Update last checked, Rewards, Web browsing), the "Find a setting" search box, and the category tiles: System (Display, sound, notifications, power), Devices (Bluetooth, printers, mouse), Personalization (Background, lock screen, colors), Apps (Uninstall, defaults, optional features), Gaming (Xbox Game Bar, captures, Game Mode), Ease of Access (Narrator, magnifier, high contrast)]

Settings
• An updated interface
— A migration from the Control Panel
• One place for most configuration settings
— A common UI
• Search for "Settings", or scroll down to "S"

Time and Language
• Windows can automatically set the time
— Active Directory is very sensitive to synchronized clocks
— Five minutes of tolerance by default
• Windows can speak many different languages
— Change or add a language

Update and Security
• Keep your OS up to date - Security patches, bug fixes
• Automatic installation - Updates are always installed
• Active hours - You control the update time

Personalization
• Change the way Windows looks and feels
— Colors, wallpaper, lock screen
• Extensive customization - Make Windows your own

Apps
• Manage installed applications
— Uninstall or modify an existing app
• Add Windows features
— Fonts for other languages
— OpenSSH Server
— SNMP support

Privacy
• Share app activity - Customized advertising
• Share your language - Website content
• Speech recognition - Sends audio to an online service
[Screenshot, continued: the remaining Settings tiles: Phone (Link your Android, iPhone), Network & Internet (Wi-Fi, airplane mode, VPN), Accounts (Your accounts, email, sync, work, family), Time & Language (Speech, region, date), Search (Find my files, permissions), Privacy (Location, camera, microphone)]


System
• Change display settings
— Night light, scaling, resolution
• Audio settings
— Input and output
• Notifications
— Enable/disable
— Show on lock screen

Devices
• Manage devices
— Bluetooth, printers, etc.
• Mouse settings
— Button and wheel options
• Typing and writing
— Keyboard and pen

Network and Internet
• Network settings
— Internet connectivity
• View Internet status
— Up or down?
• Change IP settings
— Modify address information

Gaming
• Xbox Game Bar - Xbox gaming network
• Chat, join games - Look for friends

Accounts
• Manage login account information
— Microsoft account or local account
• Email configuration - Specify an email app
• Sign-in options - PIN, password, security key, etc.
1.6 - Windows Network Technologies

Shared resources
• Make a folder or printer available on the network
— “Share” with others, view in Windows Explorer
• Assign (map) a drive letter to a share
— Access a file server
— Reconnect automatically
• Shares ending with a dollar sign ($) are “hidden”
— Not a security feature
• Administrative Tools > Computer Management

Mapping drives
• Access a share
— This PC / Map network drive
• Local drive letter and share name
— May require additional authentication
• Or use the command line:
— net use h: "\\Daedalus\Gate Room"

Sharing printers
• Similar to sharing a folder
— But it’s a printer instead
• Printer Properties
— Access through Windows Explorer, the Settings app, or any other Printer Properties
— Share an existing printer

Using a shared printer
• Similar to sharing a folder
— But it’s a printer instead
• Add a printer
— Windows Explorer
— Settings app

Proxy Settings
• Change the traffic flow
— An Internet go-between
• Settings > Network and Internet
— Or use Control Panel > Internet Options > Connections > LAN settings
• Define address and exceptions
— Proxies don’t work for everything

Network locations
• Private
— Share and connect to devices
— Home or work network
• Public
— No sharing or connectivity
— Public Wi-Fi
• Customize security settings
— Profile is determined automatically
— Change the settings at any time

Network paths
• View network paths in File Explorer
— Server and share name
• Map network drive
— Add a drive letter
• Disconnect
— Toolbar - Right-click the drive

Metered connections
• Reduce data usage
— Slow network links
— Limited bandwidth
— Usage-based billing
• Can modify application communication
— Windows Updates
— OneDrive sync

1.6 - Configuring Windows Firewall

Windows Defender Firewall
• Your firewall should always be enabled
— Sometimes you need to troubleshoot
• Temporarily disable from the main screen
— Turn Windows Firewall on or off
— Requires elevated permissions
• Different settings for each network type
— Public / Private

Windows Firewall configuration
• Block all incoming connections
— Ignores your exception list
— Useful when you need the most security
• Modify notification
— App blocking

Creating a firewall exception
• Allow an app or feature through Windows Firewall
— The more secure exception
• Port number
— Block or allow
• Predefined exceptions
— List of common exceptions
• Custom rule
— Every firewall option
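Added example (not Microsoft's code): a Python model of how an unsolicited inbound connection is decided under the settings above: one exception list evaluated against the active network profile, explicit block rules beating allow rules, an inbound default of block, and the "Block all incoming connections" switch that ignores the exception list entirely. The rule names, ports and profiles are constructed for the example.

```python
"""Model of Windows Defender Firewall inbound decisions per network profile.
Added example, not Microsoft's implementation; rules and traffic are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "Allow" or "Block"
    protocol: str        # "TCP" or "UDP"
    port: int
    profiles: frozenset  # network profiles the rule is enabled for


@dataclass
class FirewallState:
    profile: str               # active network location: "Private" or "Public"
    block_all_incoming: bool   # the "Block all incoming connections" switch
    rules: tuple


# Constructed exception list: Remote Desktop allowed on the private network only,
# file sharing allowed on both profiles, plus an explicit block for it on Public.
RULES = (
    Rule("Remote Desktop", "Allow", "TCP", 3389, frozenset({"Private"})),
    Rule("File and Printer Sharing (SMB-In)", "Allow", "TCP", 445, frozenset({"Private", "Public"})),
    Rule("Block SMB on Public", "Block", "TCP", 445, frozenset({"Public"})),
)


def evaluate_inbound(state, protocol, port):
    """Decide an unsolicited inbound connection. Returns (decision, reason)."""
    if state.block_all_incoming:
        return "Block", "block all incoming connections is on; exceptions ignored"
    matches = [rule for rule in state.rules
               if rule.protocol == protocol and rule.port == port
               and state.profile in rule.profiles]
    # An explicit block rule takes precedence over any allow rule for the same traffic
    for rule in matches:
        if rule.action == "Block":
            return "Block", rule.name
    for rule in matches:
        if rule.action == "Allow":
            return "Allow", rule.name
    return "Block", "no matching exception; inbound default is block"


if __name__ == "__main__":
    for profile in ("Private", "Public"):
        state = FirewallState(profile, False, RULES)
        for port in (3389, 445, 22):
            print(profile, port, evaluate_inbound(state, "TCP", port))
    print("Private, block all:", evaluate_inbound(FirewallState("Private", True, RULES), "TCP", 3389))
```

The same Remote Desktop exception is allowed on the private profile and blocked on the public one without any rule change, which is the point of the per-profile settings; the block-all switch is the blunt tool for the case where you want nothing in regardless of what the exception list says.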
1.6 - Windows IP Address Configuration

How Windows gets an IP address
• DHCP (Dynamic Host Configuration Protocol)
— Automatic IP addressing
— This is the default
• APIPA (Automatic Private IP Addressing)
— There's no static address or DHCP server
— Communicate locally (link-local address)
— Assigns 169.254.1.0 to 169.254.254.255
— No Internet connectivity
• Static address
— Assign all IP address parameters manually
— You need to know very specific details

• DNS - Domain Name Services
— Converts domain names to IP addresses
• DHCP - Dynamic Host Configuration Protocol
— Automates the IP address configuration process
— Addresses can be dynamic or static
• Loopback address - 127.0.0.1 - It's always there!

A backup for the DHCP server
• Multiple DHCP servers should be configured for redundancy
— There will always be one available
• If a DHCP server isn't available, Windows uses the Alternate Configuration
— The default is APIPA addressing
— You can also configure a static IP address
— Keep working normally

TCP/IP host addresses
• Subnet mask — Identifies the subnet
• Gateway — The route off the subnet to the rest of the world
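Added example, not from the notes: a Python parser for ipconfig /all output that reads each adapter's IPv4 address, subnet mask, default gateway and DHCP flag and returns the verdict a technician would reach from the rules above: an address in the 169.254.0.0/16 link-local block means APIPA (the DHCP server was never reached; the notes give the narrower assigned range inside that block), and a gateway that is outside the subnet derived from the mask can never be reached. The three adapter blocks are constructed; the field layout follows the real ipconfig /all format.

```python
"""Read ipconfig /all output and diagnose each adapter's IPv4 configuration.
Added example; the sample output below is constructed, not captured from a host."""
import ipaddress
import re

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")  # link-local block used by APIPA

# Constructed ipconfig /all output: one APIPA adapter, one healthy DHCP adapter,
# one static adapter whose gateway was typed in from the wrong subnet
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WORKSTATION-01

Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.33.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Lab:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.50.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

ADAPTER_RE = re.compile(r"^(?P<name>\S.*adapter .+):$")
# "Key . . . . : value" lines; the key stops before the dot leaders
FIELD_RE = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z0-9 \-]*?)[ .]*: ?(?P<value>.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field: value}}; '(Preferred)' suffixes are dropped."""
    adapters = {}
    current = None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = header.group("name")
            adapters[current] = {}
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            value = field.group("value").replace("(Preferred)", "").strip()
            adapters[current][field.group("key")] = value
    return adapters


def diagnose(fields):
    """One verdict per adapter, checked in the order a technician would check them."""
    ip = fields.get("IPv4 Address") or fields.get("Autoconfiguration IPv4 Address")
    if not ip:
        return "no IPv4 address"
    address = ipaddress.ip_address(ip)
    if address.is_loopback:
        return "loopback address"
    if address in APIPA_NET:
        return "APIPA: no DHCP reply, link-local only"
    network = ipaddress.ip_interface(f"{ip}/{fields['Subnet Mask']}").network
    gateway = fields.get("Default Gateway")
    if not gateway:
        return f"no default gateway: cannot leave {network}"
    if ipaddress.ip_address(gateway) not in network:
        return f"gateway {gateway} is outside {network}"
    source = "DHCP" if fields.get("DHCP Enabled") == "Yes" else "static"
    return f"ok ({source}) on {network} via {gateway}"


if __name__ == "__main__":
    for name, fields in parse_ipconfig(SAMPLE_IPCONFIG).items():
        print(f"{name}: {diagnose(fields)}")
```

The APIPA verdict is the one to recognise fastest: the address looks valid, but the adapter can only talk to other link-local hosts, so the fix is on the DHCP path (cable, switch port, DHCP server or relay), not on the client.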


1.6 - Windows Network Connections

Network setup
• Control Panel
— Network and Sharing Center
— Set up a new connection or network
• Many different connections
— Direct, VPN, dial-up, etc.
• Step-by-step wizard
— Confirmation during the process

VPN connections
— Connect to a workplace
• Integrate a smart card
— Multi-factor authentication
— Something you know
— Something you have
— Something you are
• Connect from the network status icon
— Click and provide credentials

Wireless connections
• Network name - SSID (Service Set Identification)
• Security type - Encryption method
• Encryption type - TKIP, AES
• Security key
— WPA2-Personal - Pre-shared key
— WPA2-Enterprise - 802.1X authentication

Wired connections
• Ethernet cable - Direct connection
• Fastest connection is the default - Ethernet, Wireless, WWAN
• Alternate configurations - When DHCP isn’t available

WWAN connections
• Wireless Wide Area Network
— Built-in mobile technology
• Hardware adapter - Antenna connections
• USB connected or 802.11 wireless - Tether or hotspot
• Requires third-party software - Each provider is different


1.7 - Installing Applications

Installing applications
• Extend the functionality of your operating system
— Specialized applications
• Available everywhere
— Find the application you need
— Install on your operating system
• Not every computer can run every application
— Some simple checks can help manage your desktop

Operating system platform
• 32-bit vs. 64-bit
— Processor specific
• 32-bit processors can store 2^32 = 4,294,967,296 values
• 64-bit processors can store 2^64 = 18,446,744,073,709,551,616 values
— 4 GB vs. 17 billion GB
— The OS has a maximum supported value
• Hardware drivers are specific to the OS version
— 32-bit (x86), 64-bit (x64)
1.7 - Installing Applications (continued)

• 32-bit OS cannot run 64-bit apps
— But 64-bit OS can run 32-bit apps
• Apps in a 64-bit Windows OS
— 32-bit apps: \Program Files (x86)
— 64-bit apps: \Program Files

Graphics requirements
• Integrated graphics
— CPU and GPU are the same chip
— Uses system memory for graphics
— Common in laptops
• Dedicated graphics card
— Also called a discrete graphics card
— Uses its own VRAM (Video RAM)
— High-end graphics requirements
• Check the application
— Integrated or dedicated
— VRAM requirements

RAM requirements
• Random Access Memory
— Memory modules
• A critical specification
— Application may perform poorly
— Or not at all
• This would be above and beyond the OS requirements
— Dependent on the application
— Consider all of the other running applications

CPU requirements
• Central Processing Unit
— Processing speed
— Usually measured in gigahertz (GHz)
• A broad measurement
— Higher numbers are faster CPUs
• Application requirements vary
— Word processing vs. video editing

External hardware tokens
• Manage application usage
— Limit access to authorized users
• Application will only operate with the hardware token connected
— Commonly a USB device
— Can be a challenge to manage
• Often used with high-end software
— High per-seat licensing costs
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Storage requirements 

e Drive space concerns 
— Initial installation space requirement 
— Application use requirement 


e Some applications use a LOT of storage space 
after installation 
— The initial install requirements may not be the most 
important specification 


Distribution methods
• Physical media
— Optical media, USB drive, etc.
— Increasingly rare

• Downloadable
— Direct from the manufacturer
— Centralized app store
— Avoid 3rd-party downloads

ISO files
• Optical disc image
— A single ISO file / ISO image
— Files and folders

• Sector-by-sector copy of the data on an optical disc
— ISO 9660 file system

• Mount in the OS
— Appears as a separate drive

Installation considerations
• There's a reason we are careful when installing applications
— Applications have the same rights and permissions as the user
— An unknown application can cause significant issues

• Impact to device
— Application upgrade stops working
— Slowdowns
— Deleted files

• Impact to network
— Access to internal services
— Rights and permissions to file shares

• Impact to operation
— Many jobs are time-sensitive
— An updated application may require a change to the workflow
— Or may not work at all

• Impact to the business
— Critical processes are sensitive to downtime and outages
— A change to an application can create significant issues
— Other parts of the business rely on your results
1.8 - Operating System Overview

Why do you need an OS?
• Control interaction between components
— Memory, hard drives, keyboard, CPU

• A common platform for applications
— You're going to do some work, right?

• Humans need a way to interact with the machine
— The "user interface" - Hardware can't do everything!

Standard OS features
• File management
— Add, delete, rename

• Application support
— Memory management, swap file management

• Input and output support
— Printers, keyboards, hard drives, USB drives

• Operating system configuration and management tools

Microsoft Windows
• Major market presence
— Many different versions
— Windows 10, Windows 11, Windows Server

• Advantages
— Large industry support
— Broad selection of OS options
— Wide variety of software support

• Disadvantages
— Large install base provides a big target for security exploitation
— Large hardware support can create challenging integration exercises

Linux
• Free Unix-compatible software system
— Unix-like, but not Unix

• Many (many) different distributions
— Ubuntu, Debian, Red Hat / Fedora

• Advantages
— Cost. Free!
— Works on a wide variety of hardware
— Passionate and active user community

• Disadvantages
— Limited driver support, especially with laptops
— Limited support options

Apple macOS
• macOS - Desktop OS running on Apple hardware

• Advantages
— Easy to use
— Extremely compatible
— Relatively fewer security concerns

• Disadvantages
— Requires Apple hardware
— Less industry support than the PC platform
— Higher initial hardware cost
Chrome OS
• Google's operating system
— Based on the Linux kernel

• Centers around the Chrome web browser
— Most apps are web-based

• Many different manufacturers
— Relatively less expensive

• Relies on the cloud - Connect to the Internet

Apple iPadOS
• Operating system for Apple's iPad tablets
— A variant of Apple's phone iOS

• Tablet features
— Desktop browser (Safari)
— Second monitor (Sidecar)
— Keyboard support
— Multitasking

Apple iOS
• Apple iOS
— Apple iPhones
— Based on Unix
— Closed-source - No access to source code
— Exclusive to Apple products

• iOS apps
— Apps are developed with the iOS SDK on macOS
— Apps must be approved by Apple before release
— Apps are available to users in the Apple App Store

Google Android
• Google Android
— Open Handset Alliance
— Open-source OS, based on Linux
— Supported on many different manufacturers' devices

• Android apps
— Apps are developed on Windows, macOS, and Linux with the Android SDK
— Apps available from Google Play
— Apps also available from third-party sites (e.g., Amazon Appstore)

Vendor-specific limitations
• End-of-life
— Different companies set their own EOL policies

• Updating
— iOS, Android, and Windows check and prompt for updates
— Chrome OS will update automatically

• Compatibility between operating systems
— Some movies and music can be shared

• Almost no direct application compatibility
— Fortunately, many apps have been built to run on different OSes
— Some data files can be moved across systems
— Web-based apps have potential
1.8 - Filesystems

File systems
• Before data can be written to the partition, it must be formatted
— Build the foundation

• Operating systems expect data to be written in a particular format
— FAT32 and NTFS are popular

• Many operating systems can read (and perhaps write) multiple file system types
— FAT, FAT32, NTFS, exFAT, etc.

FAT
• FAT - File Allocation Table
— One of the first PC-based file systems (circa 1980)

• FAT32 - File Allocation Table
— Larger (2 terabyte) volume sizes
— Maximum file size of 4 gigabytes

• exFAT - Extended File Allocation Table
— Microsoft flash drive file system
— Files can be larger than 4 gigabytes
— Compatible across many operating systems
— Windows, Linux, macOS

NTFS
• NTFS - NT File System
— Extensive improvements over FAT32
— Quotas, file compression, encryption, symbolic links, large file support, security, recoverability

• Not very compatible across operating systems
— Many OSes will read NTFS (but not write)
— Some have limited write functionality to an NTFS file system

Other file systems
• ext3 - Third extended file system
— Commonly used by the Linux OS

• ext4 - Fourth extended file system
— An update to ext3
— Commonly seen in Linux and Android OS

APFS
• Apple File System (APFS)
— Added to macOS High Sierra (10.12.4)
— Also included with iOS and iPadOS

• Optimized for solid-state storage
— Encryption, snapshots, increased data integrity


1.9 - Installing Operating Systems

Boot methods
• USB storage
— USB must be bootable
— Computer must support booting from USB

• Optical media
— CD-ROM and DVD-ROM

• PXE ("Pixie") - Preboot eXecution Environment
— Perform a remote network installation
— Computer must support booting with PXE

• Solid state drives / hard drives
— Store many OS installation files

• Internet-based
— Linux distributions, macOS Recovery installation, Windows updates

• External / hot-swappable drive
— Some external drives can mount an ISO image (optical drive image)
— Boot from USB

• Internal hard drive
— Install and boot from a separate drive
— Create and boot from a new partition

Types of installations
• In-place upgrade - Maintain existing applications and data

• Recovery partition
— Hidden partition with installation files

• Clean install
— Wipe the slate clean and reinstall
— Migration tool can help

• Image deployment
— Deploy a clone on every computer
— Relatively quick
— Can be completely automated

• Repair installation
— Fix problems with the Windows OS
— Does not modify user files

• Remote network installation
— Local server or shared drive
— Install across the Internet

• Load alternate third-party drivers when necessary
— Disk controller drivers, etc.

The disk partition
• Separates the physical drive into logical pieces
— Useful to keep data separated
— Multiple partitions are not always necessary

• Useful for maintaining separate operating systems
— Windows, Linux, etc.

• Formatted partitions are called volumes
— Microsoft's nomenclature
1.9 - Installing Operating Systems (continued)

GPT partition style
• GPT (GUID Partition Table)
— Globally Unique Identifier
— The latest partition format standard

• Requires a UEFI BIOS
— Can have up to 128 partitions
— Maximum partition size is over 9 billion TB
— Windows max partition is currently 256 TB

• No need for extended partitions or logical drives

MBR partition style
• MBR (Master Boot Record)
— The old standby, with all of the old limitations
— Maximum partition size of 2 TB

• Primary
— Bootable partitions
— Maximum of four primary partitions per hard disk
— One of the primary partitions can be marked as Active

• Extended
— Used for extending the maximum number of partitions
— One extended partition per hard disk (optional)
— Contains additional logical partitions
— Logical partitions inside an extended partition are not bootable

Disk partitioning
• The first step when preparing disks
— May already be partitioned
— Existing partitions may not always be compatible with your new operating system

• An MBR-style hard disk can have up to four partitions

• GUID partition tables support up to 128 partitions
— Requires UEFI BIOS or BIOS-compatibility mode
— BIOS-compatibility mode disables UEFI Secure Boot

• BE CAREFUL!
— Serious potential for data loss
— This is not an everyday occurrence

Quick format vs. full format
• Quick format
— Creates a new file table
— Looks like data is erased, but it's not
— No additional checks

• Quick format is the default during installation in Windows 10 and 11
— Use diskpart for a full format

• Full format
— Writes zeros to the whole disk
— Your data is unrecoverable
— Checks the disk for bad sectors (time consuming)


1.9 - Upgrading Windows

Why upgrade?
• Upgrade vs. install
— Upgrade - Keep files in place
— Install - Start over completely fresh

• Maintain consistency
— Customized configurations
— Multiple local user accounts

• Upgrades save hours of time
— Avoid application reinstall
— Keep user data intact
— Keep user settings
— Get up and running quickly

Upgrade methods
• In-place upgrade
— Upgrade the existing OS
— Keeps all applications, documents, and settings
— Start the setup from inside the existing OS


• Clean install
— Wipe everything and reload
— Back up your files
— Start the setup by booting from the installation media
Prepare the boot drive
• Know your drive
— Is data on the drive?
— Has the drive been formatted?
— What partitions are on the drive?

• Back up any old data
— You may need that data again someday
— Save user preferences

• Most partitioning and formatting can be completed during the installation
— Clear the drive and start fresh




© 2022 Messer Studios, LLC


https://www.ProfessorMesser.com 


1.9 - Upgrading Windows (continued)

Before the installation
• Check minimum OS requirements
— Memory, disk space, etc.
— And the recommended requirements

• Run a hardware compatibility check
— Runs when you perform an upgrade
— Run manually from the Windows setup screen
— Windows 10 Upgrade Checker, PC Health Check for Windows 11

• Plan for installation questions
— Drive/partition configuration, license keys, etc.

• Application and driver compatibility
— Check with the app developer and hardware manufacturer

Windows product life cycle
• Quality updates
— Monthly security updates and bug fixes

• Feature updates
— Annual update with new features
— Used to occur every three to five years

• Support is provided after the release
— 18 to 36 months
— Dependent on the Windows version and edition

• Also called the Modern Lifecycle Policy
— For continuously supported products


1.10 - macOS Overview

File types
• .dmg
— Apple Disk Image
— Mountable as a drive in Finder

• .pkg
— Installer Package
— Used to distribute software
— Runs through an installer script

• .app
— Application bundle
— Contains the necessary files to use the application
— "View Package Contents" from the Finder

App Store
• Centralized updates and patches
— For both OS and apps

• App Store application
— The "Updates" option

• Automatic updates
— Or manual install

• Patch management
— Install and view previous updates

Uninstallation process
• Move the .app file to the Trash
— The .app package contains all of the application files
— Quick and easy

• Some applications include a separate uninstall program
— Usually included in the Applications folder

Apple ID and corporate restrictions
• Personal Apple products use a personal Apple ID
— Associated with personal data and digital purchases

• Companies use Managed Apple IDs using Apple Business Manager
— Integrate with Active Directory
— Connect with an existing MDM (Mobile Device Manager)
— Assign and move apps and digital content to selected users

Backups
• Time Machine - Included with macOS
• Hourly backups - The past 24 hours
• Daily backups - The past month
• Weekly backups - All previous months
• Starts deleting the oldest information when the disk is full

Anti-virus
• macOS does not include anti-virus
— Or anti-malware

• Many 3rd-party options
— From the usual companies

• An emerging threat
— Still doesn't approach Windows
— It's all about the number of desktops

• Automate your signature updates
— New updates every hour / day


1.10 - macOS System Preferences

System Preferences
• The macOS version of the Windows Control Panel
— A close comparison

• Access to most customization and personalization options
— Includes important configuration utilities

• A good place to start
— It's probably in here

Displays
• Configure the location of multiple displays
— Side by side, top to bottom

• Menu bar can be moved to any display
— Doesn't have to be the primary

• Modify individual display settings
— Resolution, brightness, colors

Networks
• Configure network interfaces - Wired, wireless
• IPv4 and IPv6 - Manual and automatic (DHCP)
• Detailed network settings - IP, DNS, 802.1X, etc.

Printers & Scanners
• Add and remove printers and scanners
— Configure individual settings

• Share printers and scanners
— Configure rights and permissions

• View status - Ink and toner levels, scanning status

Privacy
• Limit application access to private data
— Location services, photos, calendars

• Control access to cameras and microphones
— Enable on a per-app basis

• Unauthorized apps can't view your private data
— Malware, other apps

Accessibility
• Allow apps to use system input
— Keyboard, mouse, audio, video

• Scripting and automation
— Requires access for input

• Limits third-party applications
— Can't take over the keyboard

Time Machine
• Automated backups
— Included with macOS

• Hourly backups
— The past 24 hours

• Daily backups
— The past month

• Weekly backups
— All previous months

• Starts deleting the oldest information when the disk is full


1.10 - macOS Features

Mission Control and Spaces
• Quickly view everything that's running
— Spread out the desktop into a viewable area
— Swipe upwards with three fingers or Control-Up arrow

• Spaces
— Multiple desktops
— Add Spaces inside of Mission Control

Keychain
• Password management
— Passwords, notes, certificates, etc.

• Integrated into the OS - Keychain Access

• Passwords and Secure Notes are encrypted
— Login password is the key

Spotlight
• Find files, apps, images, etc.
— Similar to Windows search

• Magnifying glass in upper right
• Or press Command-Space
• Type anything in - See what you find

• Define search categories in System Preferences / Spotlight
— Enable/disable categories

iCloud
• Integrates Apple technologies
— macOS, iOS

• Share across systems
— Calendars, photos, documents, contacts, etc.

• Back up iOS devices
— Never lose data again

• Store files in iCloud Drive
— Similar to Google Drive, Dropbox
— Integrated into the operating systems

Gestures
• You can do more than just point and click
— Extend the capabilities of your trackpad

• Use one, two, three fingers
— Swipe, pinch, click

• Customization
— Enable/disable
— System Preferences / Trackpad
1.10 - macOS Features (continued)

Finder
• The central OS file manager
— Compare with Windows Explorer

• File management
— Launch, delete, rename, etc.

• Integrated access to other devices
— File servers
— Remote storage
— Screen sharing

Remote Disc
• Use an optical drive from another computer
— Has become more important over time
— Designed for copying files
— Will not work with audio CDs or video DVDs

• Set up sharing in System Preferences
— Sharing options
— Appears in the Finder

Dock
• Fast access to apps
— Quickly launch programs

• View running applications
— Dot underneath the icon

• Keep folders in the Dock
— Easy access to files

• Move to different sides of the screen
— Auto-hide or always display

Disk Utility
• Manage disks and images - Resolve issues

• File system utilities
— Verify and repair file systems
— Modify partition details
— Erase disks

• Create, convert, and restore images - Manage disk images

FileVault
• Full Disk Encryption (FDE) for macOS
— Decryption uses a local key or iCloud authentication

• Proper authentication is required before macOS can start
— Data is unavailable to others

• Available in System Preferences
— Security & Privacy > FileVault

Terminal
• Command line access to the operating system
— Manage the OS without a graphical interface

• OS access
— Run scripts, manage files
— Configure OS and application settings

Force Quit
• Stop an application from executing
— Some applications are badly written

• Command-Option-Escape - List applications to quit

• Hold the Option key when right-clicking the app icon in the Dock
— Choose Force Quit

1.11 - Linux Commands

Linux commands
• The command line - Terminal, XTerm, or similar

• Commands are similar in both Linux and macOS
— macOS derived from BSD (Berkeley Software Distribution) Unix
— This section is specific to Linux

• Download a Live CD or install a virtual machine
— Many pre-made Linux distributions are available
— I'm using Ubuntu in a virtual machine

• Use the man command for help
— An online manual
> man grep

ls
• List directory contents
— Similar to the dir command in Windows

• Lists files, directories
— May support color coding
— Blue is a directory, red is an archive file, etc.

• For long output, pipe through more:
> ls -l | more
(use q or Ctrl-C to exit)

pwd
• Print Working Directory
— Displays the current working directory path
— Useful when changing directories often

mv
• Move a file
— Rename a file

• mv SOURCE DEST
> mv first.txt second.txt

cp
• Copy a file
— Duplicate files or directories

• cp SOURCE DEST
> cp first.txt second.txt

rm
• Remove files or directories
— Deletes the files

• Does not remove directories by default
— Directories must be empty to be removed or must be removed with -r
1.11 - Linux Commands (continued)

chmod
• Change mode of a file system object
— r=read, w=write, x=execute
— Can also use octal notation
— Set for the file owner (u), the group (g), others (o), or all (a)

• chmod mode FILE
> chmod 744 script.sh

• chmod 744 first.txt
— User: read, write, execute
— Group: read only
— Other: read only

• chmod a-w first.txt
— All users, no writing to first.txt

• chmod u+x script.sh
— The owner of script.sh can execute the file

#   Permission                  r w x
7   Read, Write, and Execute    rwx
6   Read and Write              rw-
5   Read and Execute            r-x
4   Read only                   r--
3   Write and Execute           -wx
2   Write only                  -w-
1   Execute only                --x
0   None                        ---
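The octal and symbolic forms above, worked through as an added Python example that is not from the notes: it decodes the table's digits into rwx strings, applies clauses such as a-w and u+x to a mode, and confirms the result with os.chmod and stat on a throwaway file. Only the r, w and x bits from the table are handled; setuid, setgid and sticky bits are out of scope here.

```python
"""Octal and symbolic chmod modes, as shown in the notes' permission table.

Added example, not from the original notes. Handles [ugoa]*[+-=][rwx]* clauses
and three-digit octal modes; special bits (setuid/setgid/sticky) are ignored.
"""
import os
import stat
import tempfile

_CLASS_SHIFT = {"u": 6, "g": 3, "o": 0}   # bit position of each class's rwx triple
_PERM_BIT = {"r": 4, "w": 2, "x": 1}


def octal_to_rwx(mode: int) -> str:
    """0o744 -> 'rwxr--r--', the right-hand column of the table."""
    out = []
    for cls in ("u", "g", "o"):
        digit = (mode >> _CLASS_SHIFT[cls]) & 0o7
        out.extend(name if digit & bit else "-" for name, bit in _PERM_BIT.items())
    return "".join(out)


def apply_symbolic(current: int, clause: str) -> int:
    """Apply one clause like 'a-w', 'u+x', or 'go=r' to `current` (umask ignored)."""
    i = 0
    while i < len(clause) and clause[i] in "ugoa":
        i += 1
    classes = clause[:i] or "a"              # chmod treats a missing class list as 'a'
    if i >= len(clause) or clause[i] not in "+-=":
        raise ValueError(f"bad symbolic mode: {clause!r}")
    op, perms = clause[i], clause[i + 1:]
    if any(p not in _PERM_BIT for p in perms):
        raise ValueError(f"bad permission letters: {perms!r}")
    if "a" in classes:
        classes = "ugo"
    bits = sum(_PERM_BIT[p] for p in perms)
    mode = current
    for cls in classes:
        shift = _CLASS_SHIFT[cls]
        if op == "+":
            mode |= bits << shift
        elif op == "-":
            mode &= ~(bits << shift)
        else:                                 # '=' replaces the class's bits outright
            mode = (mode & ~(0o7 << shift)) | (bits << shift)
    return mode & 0o777


def resolve_mode(current: int, spec: str) -> int:
    """Accept an octal string ('744') or comma-separated symbolic clauses."""
    if spec.isdigit():
        return int(spec, 8) & 0o777
    mode = current
    for clause in spec.split(","):
        mode = apply_symbolic(mode, clause)
    return mode


def chmod_file(path: str, spec: str) -> str:
    """Apply `spec` to `path` with os.chmod and return the resulting rwx string."""
    current = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, resolve_mode(current, spec))
    return octal_to_rwx(stat.S_IMODE(os.stat(path).st_mode))


def demo() -> dict:
    """Run the notes' three examples on a throwaway file and collect the results."""
    results = {}
    with tempfile.NamedTemporaryFile(delete=False) as f:
        path = f.name
    try:
        results["chmod 744"] = chmod_file(path, "744")   # rwxr--r--
        results["chmod a-w"] = chmod_file(path, "a-w")   # r-xr--r--
        chmod_file(path, "644")                          # reset to rw-r--r--
        results["chmod u+x"] = chmod_file(path, "u+x")   # rwxr--r--
    finally:
        os.unlink(path)
    return results


if __name__ == "__main__":
    for cmd, mode in demo().items():
        print(f"{cmd:12} -> {mode}")
```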
chown
• Change file owner and group
— Modify file settings

• sudo chown [OWNER:GROUP] file
> sudo chown professor script.sh

su / sudo
• Some commands require elevated rights
— There are some things normal users can't do

• su
— Become super user or change to a different user
— You continue to be that user until you exit

• sudo
— Execute a command as the super user or another user ID
— Only that command executes as the super user

apt-get
• Advanced Packaging Tool
— Handles the management of application packages
— Applications and utilities

• Install, update, remove
> sudo apt-get install wireshark

yum
• Yellowdog Updater, Modified (yum) - Install, delete, update

• Manages RPM packages
— Red Hat Package Manager - RPM Package Manager
— A Linux distribution will commonly use either yum or apt-get

ip
• Manage the network interfaces
— Enable, disable, configure addresses, manage routes, ARP cache, etc.

• ip address
— View interface addresses

• ip route
— View the IP routing table

• sudo ip address add 192.168.121.241/24 dev eth0
— Configure the IP address of an interface

df
• Disk Free - View file systems and free space

• df
— View number of blocks

• df -h
— View human-readable sizes

grep
• Find text in a file
— Search through many files at a time

• grep PATTERN [FILE]
> grep failed auth.log

find
• Find a file by name or extension
— Search through any or all directories

• Find files with a specific extension
> find . -name "*.txt"

dig
• Look up information from DNS servers
— Canonical names, IP addresses, cache timers, etc.

• dig (Domain Information Groper)
— Detailed domain information
— Add dig to Windows: http://www.isc.org/downloads/bind/

cat
• Concatenate - Link together in a series

• Copy a file/files to the screen
> cat file1.txt file2.txt

• Copy a file/files to another file
> cat file1.txt file2.txt > both.txt

nano
• Full-screen text editor - Easy to edit
• Included with many Linux distributions - Easy to install
• Select, mark, copy/cut, and paste text
— Similar features to graphical-based editors
1.11 - Linux Features

Backups
• Many options
— Command line and graphical
— May be included with the distribution

• tar
— Tape Archive
— Easy to script into a backup schedule

• rsync
— Sync files between storage devices
— Instant synchronization or scheduled

Updates
• Command line tools
— apt-get, yum

• Graphical update managers
— Software updater

• Patch management
— Updates can be scheduled

• Software center
— The Linux "App Store"

Anti-virus / Anti-malware
• Relatively few viruses and malware for Linux
— Still important to keep updated

• Clam Antivirus
— Open source antivirus engine

• Same best practice as any other OS
— Always update the signature database
— Always use real-time scanning

Shell/Terminal
• Command line access to the operating system
— Common to manage in Linux

• OS maintenance
— Run scripts, manage files
— Configure OS and application settings

Samba
• Add SMB (Server Message Block) to Linux
— File and print sharing
— Active Directory integration

• Integrate Linux into a Windows environment
— Linux becomes a Windows file server

2.1 - Physical Security

Access control vestibule
• All doors normally unlocked
— Opening one door causes others to lock

• All doors normally locked
— Unlocking one door prevents others from being unlocked

• One door open / other locked
— When one is open, the other cannot be unlocked

• One at a time, controlled groups
— Managed control through an area

Badge reader
• Magnetic swipe, RFID, or NFC
— Many different identification methods

• Different applications
— Time clocks
— Security guard patrols
— Door access

Video surveillance
• CCTV (Closed circuit television)
— Can replace physical guards

• Camera features are important
— Object detection can identify a license plate or person's face

• Often many different cameras
— Networked together and recorded over time

• Motion detection
— Radio reflection or passive infrared
— Useful in areas not often in use
Alarm systems
• Circuit-based
— Circuit is opened or closed
— Door, window, fence
— Useful on the perimeter

• Motion detection
— Identify motion without a camera

• Duress
— Triggered by a person
— The big red button

Door locks
• Conventional - Lock and key
• Deadbolt - Physical bolt
• Electronic - Keyless, PIN
• Token-based - RFID badge, magnetic swipe card, or key fob
• Biometric - Hand, fingers, or retina
• Multi-factor - Smart card and PIN

Equipment locks
• Data center hardware is usually managed by different groups
— Responsibility lies with the owner

• Racks can be installed together
— Side-to-side

• Enclosed cabinets with locks
— Ventilation on front, back, top, and bottom
2.1 - Physical Security (continued)

Guards and access lists
• Security guard
— Physical protection at the reception area of a facility
— Validates identification of existing employees
— Provides guest access

• ID badge
— Picture, name, other details
— Must be worn at all times

• Access list
— Physical list of names
— Enforced by security guard

• Maintains a visitor log

Barricades / bollards
• Prevent access
— There are limits to the prevention

• Channel people through a specific access point
— And keep out other things
— Allow people, prevent cars and trucks

• Identify safety concerns
— And prevent injuries

• Can be used to an extreme
— Concrete barriers / bollards
— Moats

2.1 - Physical Security for Staff

Key fobs
• Small RFID key
— Add to physical keychain

• Replaces a physical key
— Commonly used for door locks
— Proximity operation and contactless

Smart cards
• Certificate-based authentication
— Something you have
— Usually requires additional factors

• Integrated card reader
— Built into the laptop

• External reader
— USB connected

Keys
• Some doors may not have an electronic lock
— Rarely used
— Standalone locks
— Safe, storage bin, cabinet

• Use a key cabinet
— Formal check in/check out
— Well-defined storage location
— Allows for auditing and timestamps

Fences
• Build a perimeter
— Usually very obvious
— May not be what you're looking for

• Transparent or opaque
— See through the fence (or not)

• Robust
— Difficult to cut the fence

• Prevent climbing
— Razor wire
— Build it high

Biometrics
• Biometric authentication
— Usually stores a mathematical representation of your biometric
— Your actual fingerprint isn't usually saved

• Difficult to change
— You can change your password
— You can't change your fingerprint

• Used in very specific situations
— Not foolproof

Biometric factors
• Retina scanner
— Unique capillary structure in the back of the eye

• Fingerprint scanner - Phones, laptops, door access
• Palmprint scanner - Shape of the hand and fingers

Lighting
• More light means more security
— Attackers avoid the light
— Easier to see when lit
— Non-IR cameras can see better

• Specialized design
— Consider overall light levels
— Lighting angles may be important
— Facial recognition
— Avoid shadows and glare
2.1 - Physical Security for Staff (continued)

Magnetometers
• Passive scanning - Detect metal objects

• Not useful for non-metal objects
— Won't identify ceramic or plastic

Mobile Device Management (MDM)
• Manage company-owned and user-owned mobile devices
— BYOD - Bring Your Own Device

• Centralized management of the mobile devices
— Specialized functionality

• Set policies on apps, data, camera, etc.
— Control the remote device
— The entire device or a "partition"

• Manage access control
— Force screen locks and PINs on these single-user devices
2.1 - Logical Security

Least privilege
• Rights and permissions should be set to the bare minimum
— You only get exactly what's needed to complete your objective

• All user accounts must be limited
— Applications should run with minimal privileges

• Don't allow users to run with administrative privileges
— Limits the scope of malicious behavior


Access Control Lists (ACLs)
• Used to allow or deny traffic
— Also used for NAT, QoS, etc.
— Commonly used on the ingress or egress of a router interface

• ACLs evaluate on certain criteria
— Source IP, destination IP
— TCP port numbers, UDP port numbers, ICMP

• Deny or permit
— What happens when an ACL matches the traffic?

• Also used in operating systems
— Allow or deny access to the filesystem
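The criteria and the permit/deny decision above, as an added Python example that is not from the notes: a small first-match ACL evaluator with a constructed rule list and sample packets. The rule syntax, addresses and ports are made up for illustration rather than any vendor's, but the matching model (top-down, first match wins, implicit deny when nothing matches) is the one the notes describe.

```python
"""First-match ACL evaluation, the way a router applies an ACL on an interface.

Added example, not from the original notes. The rule list and packets are
constructed; vendor ACL syntax differs, but the matching model (top-down,
first match wins, implicit deny at the end) is what the notes describe.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp", or "ip" for any protocol
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # destination port; None matches any (ICMP has none)

    def matches(self, pkt: dict) -> bool:
        """Every populated field must match; the first failing field rejects."""
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


def evaluate(acl: list, pkt: dict) -> tuple:
    """Return (action, index of the matching rule).

    Index None is the implicit deny that applies when no rule matches, which
    is why a trailing 'permit ip any any' is needed to let other traffic through.
    """
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


# Constructed ingress ACL for a router interface facing the office LAN:
# office hosts may reach the web server on TCP 443 and ping the server subnet;
# everything else headed for the server subnet is denied; other traffic passes.
INGRESS_ACL = [
    Rule("permit", "tcp",  "10.10.0.0/16", "192.168.5.10/32", 443),
    Rule("permit", "icmp", "10.10.0.0/16", "192.168.5.0/24"),
    Rule("deny",   "ip",   ANY,            "192.168.5.0/24"),
    Rule("permit", "ip",   ANY,            ANY),
]

# Constructed sample packets (protocol, source, destination, destination port).
SAMPLE_PACKETS = [
    {"proto": "tcp",  "src": "10.10.3.4",  "dst": "192.168.5.10", "dport": 443},
    {"proto": "tcp",  "src": "10.10.3.4",  "dst": "192.168.5.10", "dport": 22},
    {"proto": "icmp", "src": "10.10.9.9",  "dst": "192.168.5.20"},
    {"proto": "udp",  "src": "172.16.1.1", "dst": "8.8.8.8",      "dport": 53},
]


def run_samples() -> list:
    """Evaluate each sample packet and return the list of (action, rule index)."""
    return [evaluate(INGRESS_ACL, pkt) for pkt in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, (action, idx) in zip(SAMPLE_PACKETS, run_samples()):
        print(f"{pkt} -> {action} (rule {idx})")
```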


Multi-factor authentication
• More than one factor
— Something you are, something you have, something you know, somewhere you are, something you do

• Can be expensive
— Separate hardware tokens

Software tokens
• Authenticator application
— Pseudo-random number generator
— Can't guess it
— Changes constantly

• Saves money
— Free smartphone applications
— No separate device to lose


Short message service (SMS)
• Text messaging
— Includes more than text these days

• Login factor can be sent via SMS to a predefined phone number
— Provide username and password
— Phone receives an SMS
— Input the SMS code into the login form

• Security issues exist
— Phone number can be reassigned to a different phone
— SMS messages can be intercepted
— SMS spoofing

Voice call
• A phone call provides the token
— The computer is talking to you
— "Your code is 1-6-2-5-1-7."

• Similar disadvantages to SMS
— Phone call can be intercepted or forwarded
— Phone number can be added to another phone

Email filtering
• Unsolicited email
— Stop it at the gateway before it reaches the user
— On-site or cloud-based

• Scan and block malicious software
— Executables, known vulnerabilities
— Phishing attempts
— Other unwanted content
2.1 - Active Directory

Active Directory
• A database of everything on the network
— Computers, user accounts, file shares, printers, groups, and more

• Manage authentication
— Users log in using their AD credentials

• Centralized access control
— Determine which users can access resources

• Commonly used by the help desk
— Reset passwords
— Add and remove accounts

Domain
• The name associated with this related group of users, computers, and resources
— Each domain has a name

• Domain controllers store this central domain database
— Active Directory is the service that manages this directory

• Often referenced when troubleshooting
— Is this computer on the domain?
— Can you reset the domain password?

Organizational units (OU)
• Keep the (very large) database organized
— Users, computers

• Create your own hierarchy
— Countries, states, buildings, departments, etc.

• Apply policies to an OU
— Can be very large: Domain Users
— Can be for a specific group: Marketing, North America, Pegasus galaxy

Login script
• Automate a series of tasks during login
— Assign a script to a specific user, group, or OU

• Associate the script with a Group Policy
— User Configuration > Policies > Windows Settings > Scripts

• Create different login scripts for different OUs
— Customize based on your needs

Group Policy/updates
• Manage the computers or users with Group Policies
— Local and domain policies
— Group Policy Management Editor

• A central console
— Login scripts
— Network configurations (QoS)
— Security parameters

• Update a client with the gpupdate utility:
> gpupdate /force

Home folder
• Assign a user Home folder to a network folder
— Manage and back up files from the network
— Avoid storing files on the local computer

• When added to the user profile, the directories are automatically created
— And proper permissions are assigned

• Requires some training
— Encourage users to store files on the network Home folder

Folder redirection
• Some users and applications use the Windows Library folders
— Desktop, Downloads, Music, Documents, etc.

• Redirect the folders to a network share
— Group Policy > User Configuration > Windows Settings > Folder Redirection

• This is often paired with the Offline Files feature
— You're not always connected

Security groups
• Create a group
— Assign permissions to the group

• Set the rights and permissions to the group
— Add users to the group

• Some built-in groups
— Users, Guests
— Remote Management Users
— Event Log Readers

• Save time
— Avoid confusion and mistakes


Group Policy and login scripts 


Pegasus 
Linked Group Pokey Objects Group Poley Inhertance Delegation 
Link Order GPO Enforced ^ LnkEnabi ied «GPO Status. — WMIFiter  Modfed Domen 
1 i Login Map Drives No Yes Enabled None 277720229... SGC local 


To view the script fles stored in this Group Poley Object, presa 
the button below. 


> | send [Standard 
s Á / Show Files. 
2.2 - Wireless Encryption

Securing a wireless network
• An organization's wireless network can contain confidential information
— Not everyone is allowed access
• Authenticate the users before granting access
— Who gets access to the wireless network?
— Username, password, multi-factor authentication
• Ensure that all communication is confidential
— Encrypt the wireless data
• Verify the integrity of all communication
— The received data should be identical to the original sent data
— A message integrity check (MIC)

WPA (Wi-Fi Protected Access)
• 2002: WPA was the replacement for serious cryptographic weaknesses in WEP (Wired Equivalent Privacy)
— Don't use WEP
• Needed a short-term bridge between WEP and whatever would be the successor
— Run on existing hardware
• WPA: RC4 with TKIP (Temporal Key Integrity Protocol)
— Initialization Vector (IV) is larger and an encrypted hash
— Every packet gets a unique 128-bit encryption key

Wireless encryption
• All wireless computers are radio transmitters and receivers
— Anyone can listen in
• Solution: Encrypt the data
— Everyone has an encryption key
• Only people with the right key can transmit and listen
— WPA2 and WPA3

WPA2 and CCMP
• Wi-Fi Protected Access II (WPA2)
— WPA2 certification began in 2004
• CCMP block cipher mode
— Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, or Counter/CBC-MAC Protocol
• CCMP security services
— Data confidentiality with AES encryption
— Message Integrity Check (MIC) with CBC-MAC

WPA3 and GCMP
• Wi-Fi Protected Access 3 (WPA3)
— Introduced in 2018
• GCMP block cipher mode
— Galois/Counter Mode Protocol
— A stronger encryption than WPA2
• GCMP security services
— Data confidentiality with AES
— Message Integrity Check (MIC) with Galois Message Authentication Code (GMAC)

The WPA2 PSK problem
• WPA2 has a PSK brute-force problem
— Listen to the four-way handshake
— Some methods can derive the PSK hash without the handshake
— Capture the hash
• With the hash, attackers can brute force the pre-shared key (PSK)
• This has become easier as technology improves
— A weak PSK is easier to brute force
— GPU processing speeds
— Cloud-based password cracking
• Once you have the PSK, you have everyone's wireless key
— There's no forward secrecy

SAE
• WPA3 changes the PSK authentication process
— Includes mutual authentication
— Creates a shared session key without sending that key across the network
— No more four-way handshakes, no hashes, no brute force attacks
— Adds perfect forward secrecy
• Simultaneous Authentication of Equals (SAE)
— A Diffie-Hellman derived key exchange with an authentication component
— Everyone uses a different session key, even with the same PSK
— An IEEE standard - the dragonfly handshake

Wireless security modes
• Configure the authentication on your wireless access point / wireless router
• Open System
— No authentication password is required
• WPA/2/3-Personal / WPA/2/3-PSK
— WPA2 or WPA3 with a pre-shared key
— Everyone uses the same 256-bit key
• WPA/2/3-Enterprise / WPA/2/3-802.1X
— Authenticates users individually with an authentication server (i.e., RADIUS)

2.2 - Authentication Methods

RADIUS (Remote Authentication Dial-in User Service)
• One of the more common AAA protocols
— Supported on a wide variety of platforms and devices
— Not just for dial-in
• Centralize authentication for users
— Routers, switches, firewalls
— Server authentication
— Remote VPN access
— 802.1X network access
• RADIUS services available on almost any server operating system

TACACS
• Terminal Access Controller Access-Control System
— Remote authentication protocol
— Created to control access to dial-up lines to ARPANET
• TACACS+
— The latest version of TACACS
— More authentication requests and response codes
— Released as an open standard in 1993

Kerberos
• Network authentication protocol
— Authenticate once, trusted by the system
— No need to re-authenticate to everything
— Mutual authentication - the client and the server
— Protect against on-path or replay attacks
• Standard since the 1980s
— Developed by the Massachusetts Institute of Technology (MIT)
• Microsoft started using Kerberos in Windows 2000
— Based on the Kerberos 5.0 open standard
— Compatible with other operating systems and devices

SSO with Kerberos
• Authenticate one time
— Lots of backend ticketing
— Cryptographic tickets
• No constant username and password input!
— Save time
• Only works with Kerberos
— Not everything is Kerberos-friendly
• There are many other SSO methods
— Smart-cards, SAML, etc.

Which method to use?
• Many different ways to communicate to an authentication server
— More than a simple login process
• Often determined by what is at hand
— VPN concentrator can talk to a RADIUS server
— We have a RADIUS server
• TACACS+
— Probably a Cisco device
• Kerberos
— Probably a Microsoft network

Multi-factor authentication
• More than one factor
— Something you are
— Something you have
— Something you know
— Somewhere you are
— Something you do
• Can be expensive
— Separate hardware tokens
— Specialized scanning equipment
• Can be inexpensive
— Free smartphone applications

2.3 - Malware

Malware
• Malicious software - These can be very bad
• Gather information - Keystrokes
• Participate in a group - Controlled over the ‘net
• Viruses and worms
— Encrypt your data and ruin your day

How you get malware
• These all work together
— Malicious software takes advantage of a vulnerability
— Installs malware that includes a remote access backdoor
— Bot may be installed later
• Your computer must run a program
— Email link - Don’t click links
— Web page pop-up
— Drive-by download
— Worm
• Your computer is vulnerable
— Operating system - Keep your OS updated!
— Applications - Check with the publisher

Malware types and methods
• Trojan Horse
• Rootkit
• Viruses
• Spyware
• Ransomware
• Keylogger
• Boot sector virus
• Cryptominers

2.3 - Malware (continued)

Trojan horse
• Used by the Greeks to capture Troy from the Trojans
— A digital wooden horse
• Software that pretends to be something else
— So it can conquer your computer
— Doesn't really care much about replicating
• Circumvents your existing security
— Anti-virus may catch it when it runs
— The better Trojans are built to avoid and disable AV
• Once it’s inside it has free rein
— And it may open the gates for other programs

Rootkits
• Originally a Unix technique
— The “root” in rootkit
• Modifies core system files
— Part of the kernel
• Can be invisible to the operating system
— Won't see it in Task Manager
• Also invisible to traditional anti-virus utilities
— If you can't see it, you can't stop it

Finding and removing rootkits
• Look for the unusual
— Anti-malware scans
• Use a remover specific to the rootkit
— Usually built after the rootkit is discovered
• Secure boot with UEFI
— Security in the BIOS

Virus
• Malware that can reproduce itself
— It needs you to execute a program
• Reproduces through file systems or the network
— Just running a program can spread a virus
• May or may not cause problems
— Some viruses are invisible, some are annoying
• Anti-virus is very common
— Thousands of new viruses every week
— Is your signature file updated?

Boot sector virus
• Most viruses run after the OS is loaded
— Like most applications
• Some boot loaders can be modified to run malware
— Runs every time you start your computer
• Modern UEFI BIOS includes Secure Boot
— Prevent unsigned software from running during the boot process

Spyware
• Malware that spies on you
— Advertising, identity theft, affiliate fraud
• Can trick you into installing
— Peer to peer, fake security software
• Browser monitoring - Capture surfing habits
• Keyloggers
— Capture every keystroke
— Send it back to the mother ship

Ransomware
• A particularly nasty malware
— Your data is unavailable until you provide cash
• Malware encrypts your data files
— Pictures, documents, music, movies, etc.
— Your OS remains available
— They want you running, but not working
• You must pay the bad guys to obtain the decryption key
— Untraceable payment system
— An unfortunate use of public-key cryptography

Keyloggers
• Your keystrokes contain valuable information
— Web site login URLs, passwords, email messages
• Save all of your input
— Send it to the bad guys
• Circumvents encryption protections
— Your keystrokes are in the clear
• Other data logging
— Clipboard logging, screen logging, instant messaging, search engine queries
[Screenshot: a DarkComet-RAT keylogger log window listing keystrokes captured from Notepad, including a typed username and password, with “Export Current Log”, “Search on log” and “Refresh logs” controls.]

Cryptominers
• Some cryptocurrency mining requires "proof of work"
— Usually consists of a difficult math problem
— Answer the problem and earn some currency
• This requires extensive CPU processing
— One CPU isn't enough
— Attackers want to use your CPU
• May appear in different ways
— Visit a website and CPU utilization spikes
— Malware is installed and mining is always occurring

2.3 - Anti-Malware Tools

Windows Recovery Environment
• Very powerful
• Very dangerous
— Last resort
• Complete control
— Fix your problems before the system starts
— Remove malicious software
• Requires additional information
— Use, copy, rename, or replace operating system files and folders
— Enable or disable service or device startup
— Repair the file system boot sector or the master boot record (MBR)

Starting the console
• All Windows versions
— Hold Shift key while clicking Restart
— Or boot from installation media
• Windows 10
— Settings > Update and Security > Recovery > Advanced startup
• Windows 11
— System > Recovery > Advanced startup > Restart now
• After rebooting
— Troubleshoot > Advanced Options > Command Prompt

Anti-virus and anti-malware
• You need both
— Often included together
• Real-time options
— Not just an on-demand scan
• Modern anti-malware recognizes malicious activity
— Doesn't require a specific set of signatures

Software firewalls
• Monitor the local computer
— Alert on unknown or unauthorized network communication
• Prevent malware communication
— Downloads after infection
— Botnet communication
• Use Windows Firewall - At a minimum
• Runs by default
— Constantly monitoring
— Any network connection

Anti-phishing training
• No single technology can stop social engineering
— Don’t give away private information
— The user is the best anti-phishing
• Extensive training - Avoid becoming a victim
• Test the users
— Send a phishing email
— Find out who clicks and gives up information
• Train again

End user education
• One on one - Personal training
• Posters and signs - High visibility
• Message board posting - The real kind
• Login message - These become invisible
• Intranet page - Always available

OS reinstallation
• Only one way to guarantee malware removal
— Delete everything
— Install from scratch
• Restore from backup (fast)
— As long as the backup is not also infected
• Manual installation (slowest)
— Back up data files
— Install Windows from installation media
• Image the system (fastest)
— User's data files are on a network share
— Recover from a prebuilt image

2.4 - Social Engineering

Effective social engineering
• Constantly changing - You never know what they'll use next
• May involve multiple people
— And multiple organizations
— There are ties connecting many organizations
• May be in person or electronic
— Phone calls from aggressive “customers”
— Emailed funeral notifications of a friend or associate

Phishing
• Social engineering with a touch of spoofing
— Often delivered by email, text, etc.
• Don't be fooled - Check the URL
• Usually there's something not quite right
— Spelling, fonts, graphics
• Vishing (Voice phishing) is done over the phone or voicemail
— Caller ID spoofing is common
— Fake security checks or bank updates

2.4 - Social Engineering (continued)

Shoulder surfing
• You have access to important information
— Many people want to see
— Curiosity, industrial espionage, competitive advantage
• This is surprisingly easy
— Airports / Flights, hallway-facing monitors, or coffee shops
• Surf from afar
— Binoculars / Telescopes (easy in the big city)
— Webcam monitoring

Preventing shoulder surfing
• Control your input
— Be aware of your surroundings
• Use privacy filters
— It’s amazing how well they work
• Keep your monitor out of sight
— Away from windows and hallways
• Don’t sit in front of me on your flight
— I can’t help myself

Spear phishing
• Targeted phishing with inside information
— Makes the attack more believable
• Spear phishing the CEO is “whaling”
— Targeted phishing with the possibility of a large catch
— The CFO (Chief Financial Officer) is commonly speared
• These executives have direct access to the corporate bank account
— The attackers would love to have those credentials

Tailgating and piggybacking
• Tailgating uses an authorized person to gain unauthorized access to a building
— The attacker does not have consent
— Sneaks through when nobody is looking
• Piggybacking follows the same process, but the authorized person is giving consent
— Hold the door, my hands are full of donut boxes
— Sometimes you shouldn't be polite
• Once inside, there's little to stop you
— Most security stops at the border

Watching for tailgating
• Policy for visitors - You should be able to identify anyone
• One scan, one person
— A matter of policy or mechanically required
• Access Control Vestibule / Airlock
— You don’t have a choice
• Don’t be afraid to ask
— Who are you and why are you here?

Impersonation
• Pretend to be someone you aren’t
— Halloween for the fraudsters
• Use some of those details you got from the dumpster
— You can trust me, I’m with your help desk
• Attack the victim as someone higher in rank
— Office of the Vice President for Scamming
• Throw tons of technical details around
— Catastrophic feedback due to the depolarization of the differential magnetometer
• Be a buddy
— How about those Cubs?

Dumpster diving
• Mobile garbage bin
— United States brand name “Dumpster”
— Similar to a rubbish skip
• Important information thrown out with the trash
— Thanks for bagging your garbage for me!
• Gather details that can be used for a different attack
— Impersonate names, use phone numbers
• Timing is important
— Just after end of month, end of quarter
— Based on pickup schedule

Wireless evil twins
• Looks legitimate, but actually malicious
— The wireless version of phishing
• Configure an access point to look like an existing network
— Same (or similar) SSID and security settings/captive portal
• Overpower the existing access points
— May not require the same physical location
• WiFi hotspots (and users) are easy to fool
— And they're wide open
• You encrypt your communication, right?
— Use HTTPS and a VPN

2.4 - Denial of Service

Denial of service
• Force a service to fail
— Overload the service
• Take advantage of a design failure or vulnerability
— Keep your systems patched!
• Create a smokescreen for some other exploit
— Precursor to a DNS spoofing attack
• Doesn't have to be complicated
— Turn off the power

A “friendly” DoS
• Unintentional DoSing
— It’s not always a ne’er-do-well
• Network DoS
— Layer 2 loop without STP
• Bandwidth DoS
— Downloading multi-gigabyte Linux distributions over a DSL line
• The water line breaks
— Get a good shop vacuum

Distributed Denial of Service (DDoS)
• Launch an army of computers to bring down a service
— Use all the bandwidth or resources - traffic spike
• This is why the bad guys have botnets
— Thousands or millions of computers at your command
• The attackers are zombies
— Many people have no idea they are participating

Mitigating DDoS attacks
• May be able to filter out traffic patterns
— Stop the traffic at your firewall
• Internet service provider may have anti-DDoS systems
— These can help “turn down” the DDoS volume
• Third-party technologies
— CloudFlare, etc.

2.4 - Zero-Day Attacks

Zero-day attacks
• Many applications have vulnerabilities
— We’ve just not found them yet
• Someone is working hard to find the next big vulnerability
— The good guys share these with developers
• Attackers keep these yet-to-be-discovered holes to themselves
— They want to use these vulnerabilities for personal gain
• Zero-day
— The vulnerability has not been detected or published
— Zero-day exploits are increasingly common
• Common Vulnerabilities and Exposures (CVE)
— https://cve.mitre.org/

Zero-day vulnerabilities
• December 9, 2021 - Log4j remote code execution
— Java-based logging utility provided as an Apache service
— Installed on millions of servers
— Vulnerability introduced on September 14th, 2013
• December 14th - Fix is released
— Extensive patching
• December 17th - Two new issues fixed
— Everyone is looking for bugs

2.4 - On-Path Attacks

On-path network attack
• How can an attacker watch without you knowing?
— Formerly known as man-in-the-middle
• Redirects your traffic
— Then passes it on to the destination
— You never know your traffic was redirected
• ARP poisoning
— On-path attack on the local IP subnet
— ARP has no security
— ARP poisoning (spoofing)

On-path browser attack
• What if the middleman was on the same computer as the victim?
— Malware/Trojan does all of the proxy work
— Formerly known as man-in-the-browser
• Huge advantages for the attackers
— Relatively easy to proxy encrypted traffic
— Everything looks normal to the victim
• The malware in your browser waits for you to login to your bank
— And cleans you out

2.4 - On-Path Attacks (continued)

ARP poisoning (spoofing)
[Diagram: a local device at 192.168.1.9 (MAC c8:bc:c8:a7:38:d5), the router/default gateway at 192.168.1.1 (MAC 11:22:33:44:55:66), and an attacker at 192.168.1.4 (MAC aa:bb:cc:dd:ee:ff), all on the same subnet.]
• A legitimate response to an ARP request is received from the default gateway
— ARP Response: I am 192.168.1.1, my MAC address is 11:22:33:44:55:66
— The ARP response is cached on the local device
— ARP Cache: 192.168.1.1 = 11:22:33:44:55:66
• An attacker sends an ARP response that spoofs the IP address of the router and includes the attacker’s MAC address
— ARP Response: I am 192.168.1.1, my MAC address is aa:bb:cc:dd:ee:ff
• The malicious ARP information replaces the cached record, completing the ARP poisoning
— ARP Cache: 192.168.1.1 = aa:bb:cc:dd:ee:ff
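Seen from the defender's side, the sequence above shows up as a change in the cached gateway entry. The following added example (Python, not from the course notes) diffs two ARP cache snapshots constructed from the diagram's addresses and raises an alert when the gateway's MAC changes or when one MAC claims several IPs; the `arp -a` text is constructed for the example.

```python
"""Detecting ARP cache poisoning from the defender's side: diff successive
ARP cache snapshots and alert when an IP (above all the default gateway)
suddenly maps to a different MAC, or one MAC answers for several IPs.
Added example, not from the course notes; the snapshots are constructed
from the diagram's addresses."""
import re
from typing import Dict, List

# One IPv4 address followed somewhere on the same line by a MAC written as
# 11:22:.. or 11-22-.. . Matches Windows 'arp -a' and Linux 'ip neigh' rows.
ARP_ROW = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3}).*?([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})")


def parse_arp_table(text: str) -> Dict[str, str]:
    """Map ip -> mac, normalizing MACs to lowercase colon form."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        m = ARP_ROW.search(line)
        if m:
            table[m.group(1)] = m.group(2).lower().replace("-", ":")
    return table


def detect_poisoning(previous: Dict[str, str], current: Dict[str, str],
                     gateway: str) -> List[str]:
    """Return alert lines; an empty list means nothing changed suspiciously."""
    alerts: List[str] = []
    for ip, mac in current.items():
        old = previous.get(ip)
        if old and old != mac:
            level = "CRITICAL" if ip == gateway else "WARNING"
            alerts.append(f"{level}: {ip} moved from {old} to {mac}")
    # A poisoned cache typically shows the attacker's MAC twice: once for
    # its own IP and once for the IP it is spoofing.
    claimed: Dict[str, List[str]] = {}
    for ip, mac in current.items():
        claimed.setdefault(mac, []).append(ip)
    for mac, ips in claimed.items():
        if len(ips) > 1:
            alerts.append(f"WARNING: {mac} claimed by {', '.join(sorted(ips))}")
    return alerts


# Constructed 'arp -a' output as seen on the victim (192.168.1.9) before and
# after the spoofed reply from the attacker at 192.168.1.4.
SNAPSHOT_BEFORE = """\
Interface: 192.168.1.9 --- 0x7
  Internet Address      Physical Address      Type
  192.168.1.1           11-22-33-44-55-66     dynamic
  192.168.1.4           aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
SNAPSHOT_AFTER = """\
Interface: 192.168.1.9 --- 0x7
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.4           aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    before = parse_arp_table(SNAPSHOT_BEFORE)
    after = parse_arp_table(SNAPSHOT_AFTER)
    for alert in detect_poisoning(before, after, gateway="192.168.1.1"):
        print(alert)
```

A static ARP entry for the gateway, or Dynamic ARP Inspection on a managed switch, stops the cache from accepting the spoofed reply in the first place; this script only tells you it happened.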


2.4 - Password Attacks 


Plaintext / unencrypted passwords
• Some applications store passwords “in the clear”
— No encryption. You can read the stored password.
— This is rare, thankfully
• Do not store passwords as plaintext
— Anyone with access to the password file or database has every credential
• What to do if your application saves passwords as plaintext:
— Get a better application

Hashing a password
• Hashes represent data as a fixed-length string of text
— A message digest, or “fingerprint”
• Will not have a collision (hopefully)
— Different inputs will not have the same hash
• One-way trip
— Impossible to recover the original message from the digest
— A common way to store passwords

The password file
• Different across operating systems and applications
— Different hash algorithms

Brute force
• Try every possible password combination until the hash is matched
• This might take some time
— A strong hashing algorithm slows things down
• Brute force attacks - Online
— Keep trying the login process
— Very slow
— Most accounts will lock out after a number of failed attempts
• Brute force the hash - Offline
— Obtain the list of users and hashes
— Calculate a password hash, compare it to a stored hash
— Large computational resource requirement

Dictionary attacks
• Use a dictionary to find common words
— Passwords are created by humans
• Many common wordlists available on the 'net
— Some are customized by language or line of work
• The password crackers can substitute letters
— p&sswOrd
• This takes time
— Distributed cracking and GPU cracking is common
• Discover passwords for common words
— This won't discover random character passwords
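The hashing, brute-force and dictionary points above, worked through in Python as an added example (not from the course notes): salted PBKDF2 storage and verification, a timing comparison showing why a slow hash matters, and a wordlist check at enrollment that treats “p&sswOrd” as “password”. The wordlist and the substitution table are constructed for the example.

```python
"""Password storage and dictionary-attack resistance (added example, not
from the course notes): salted, iterated hashing plus a leet-aware
wordlist check at enrollment."""
import hashlib
import hmac
import os
import time

# Constructed wordlist standing in for the "common wordlists on the 'net".
WORDLIST = {"password", "welcome", "letmein", "qwerty", "monkey", "dragon"}

# Substitutions a cracker tries, so "p&sswOrd" is treated as "password".
LEET = str.maketrans({"&": "a", "@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "7": "t", "!": "i"})


def normalize(candidate: str) -> str:
    """Strip trailing digits, undo leet substitutions, lowercase."""
    return candidate.rstrip("0123456789").translate(LEET).lower()


def is_dictionary_word(candidate: str) -> bool:
    """True when the candidate is a wordlist entry or a simple variant of one."""
    return normalize(candidate) in WORDLIST


def hash_password(password: str, iterations: int = 600_000) -> str:
    """Salted PBKDF2-HMAC-SHA256. The random salt makes identical passwords
    hash differently; the iteration count slows down each offline guess."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown hash format")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def slowdown_factor(iterations: int = 50_000, rounds: int = 20) -> float:
    """How many times longer one PBKDF2 guess takes than one bare SHA-256
    guess: the "strong hashing algorithm slows things down" point in numbers."""
    pw, salt = b"guess", b"\x00" * 16
    t0 = time.perf_counter()
    for _ in range(rounds):
        hashlib.sha256(salt + pw).digest()
    fast = time.perf_counter() - t0
    t0 = time.perf_counter()
    for _ in range(rounds):
        hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
    slow = time.perf_counter() - t0
    return slow / max(fast, 1e-9)


def enroll(password: str, iterations: int = 600_000) -> str:
    """Reject dictionary-derived passwords, then store only the salted hash."""
    if is_dictionary_word(password):
        raise ValueError("password is a common word or a simple variant of one")
    return hash_password(password, iterations)


if __name__ == "__main__":
    for pw in ["p&sswOrd", "Dr4gon99", "correct-horse-battery"]:
        print(f"{pw!r:25} dictionary word: {is_dictionary_word(pw)}")
    record = enroll("correct-horse-battery", iterations=100_000)
    print("stored:", record[:40] + "...")
    print("verify right password:", verify_password("correct-horse-battery", record))
    print("verify wrong password:", verify_password("password", record))
    print(f"PBKDF2 is ~{slowdown_factor():,.0f}x slower per guess than SHA-256")
```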
2.4 - Insider Threats

Insider threats
• More than just passwords on sticky notes
— Some insiders are out for no good
• Sophistication may not be advanced, but the insider has institutional knowledge
— Attacks can be directed at vulnerable systems
— The insider knows what to hit
• Extensive resources
— Eating away from the inside

Recruiting insiders
• We're getting better at protecting the network perimeter
— It’s an ongoing race
• Ransomware actors are targeting insiders
— Offering Bitcoin in exchange for access
— One ransomware infection can earn millions for an attacker
• Keep aware
— Maintain good security fundamentals
— Always have backups

2.4 - SQL Injection

Code injection
• Code injection
— Adding your own information into a data stream
• Enabled because of bad programming
— The application should properly handle input and output
• So many different data types
— HTML, SQL, XML, LDAP, etc.

SQL injection
• SQL - Structured Query Language
— The most common relational database management system language
• SQL Injection
— Modify SQL requests (Your application shouldn't allow this)
• If you can manipulate the database, then you control the application
— A significant vulnerability

2.4 - Cross-site Scripting

Cross-site scripting
• XSS
— Cascading Style Sheets (CSS) are something else entirely
• Originally called cross-site because of browser security flaws
— Information from one site could be shared with another
• One of the most common web application development errors
— Takes advantage of the trust a user has for a site
— Complex and varied
• Malware that uses JavaScript
— Do you allow scripts? Me too.

Non-persistent (reflected) XSS attack
• Web site allows scripts to run in user input
— Search box is a common source
• Attacker emails a link that takes advantage of this vulnerability
— Runs a script that sends credentials / session IDs / cookies to the attacker
• Script embedded in URL executes in the victim's browser
— As if it came from the server
• Attacker uses credentials / session IDs / cookies to steal victim’s information without their knowledge
— Very sneaky

Persistent (stored) XSS attack
• Attacker posts a message to a social network
— Includes the malicious payload
• It’s now “persistent” - Everyone gets the payload
• No specific target - All viewers to the page
• For social networking, this can spread quickly
— Everyone who views the message can have it posted to their page
— Where someone else can view it and propagate it further...

Hacking a Subaru
• June 2017, Aaron Guzman - Security researcher
• When authenticating with Subaru, users get a token
— This token never expires (bad!)
• A valid token allowed any service request
— Even adding your email address to someone else's account
— Now you have full access to someone else’s car
• Web front-end included an XSS vulnerability
— A user clicks a malicious link, and you have their token

Protecting against XSS
• Be careful when clicking untrusted links
— Never blindly click in your email inbox. Never.
• Consider disabling JavaScript
— Or control with an extension
— This offers limited protection
• Keep your browser and applications updated
— Avoid the nasty browser vulnerabilities
• Validate input
— Don't allow users to add their own scripts to an input field
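The reflected search-box case above, as an added Python example that is not from the course notes: the vulnerable page echoes the search term raw, the hardened page HTML-encodes it before it reaches the browser. The site name, link and page template are constructed.

```python
"""Reflected XSS on a search page: the raw echo the notes warn about beside
the HTML-encoded version that renders the input as text. Added example,
not from the course notes; the site, link and template are constructed."""
import html
import re
from urllib.parse import parse_qs, urlparse

TEMPLATE = "<html><body><h1>Results for: {term}</h1></body></html>"


def query_from_link(url: str) -> str:
    """The q= parameter exactly as the browser sends it after following
    a link such as the one an attacker emails to the victim."""
    return parse_qs(urlparse(url).query).get("q", [""])[0]


def search_page_vulnerable(term: str) -> str:
    """Echoes the term verbatim, so any markup in it becomes part of the
    page and runs in the victim's browser as if it came from the server."""
    return TEMPLATE.format(term=term)


def search_page_safe(term: str) -> str:
    """Output encoding: <, >, &, " and ' become entities, so the browser
    shows the term as text. This server-side fix backs up the notes'
    'validate input' advice and does not depend on the user's caution."""
    return TEMPLATE.format(term=html.escape(term, quote=True))


def contains_script(page: str) -> bool:
    """Crude check used here only to show the difference between the two."""
    return re.search(r"<script\b", page, re.IGNORECASE) is not None


# Constructed malicious link: the search term is a URL-encoded script tag.
MALICIOUS_LINK = "https://search.example/?q=%3Cscript%3Ealert('xss')%3C/script%3E"

if __name__ == "__main__":
    term = query_from_link(MALICIOUS_LINK)
    print("vulnerable:", search_page_vulnerable(term))
    print("safe      :", search_page_safe(term))
```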
2.4 - Security Vulnerabilities

Non-compliant systems
• A constant challenge
— There are always changes and updates
• Standard operating environments (SOE)
— A set of tested and approved hardware/software systems
— Often a standard operating system image
• Operating system and application updates
— Must have patches to be in compliance
— OS updates, anti-virus signatures
— Can be checked and verified before access is given

Protecting against non-compliant systems
• Operating system control
— Apply policies that will prevent non-compliant software
• Monitor the network for application traffic
— Next-generation firewalls with application visibility
• Perform periodic scans
— Login systems can scan for non-compliance
— Require correction before the system is given access

Unpatched systems
• Microsoft Patch Tuesday
— Second Tuesday of each month (10:00 AM PST)
• Suddenly, systems are vulnerable to security flaws
— Patch the operating system and applications
• An organization might have thousands of systems
— Some of those are major services
• One forgotten system may be the weakest link
— This happens quite a bit
• Patch management is a critical practice
— Test, prioritize, and deploy

Unprotected systems
• Security issues are often roadblocks
— Applications may not work properly without additional configurations
• Some troubleshooting tasks can be insecure
— Disable antivirus and try again
— Disable the firewall and try again
• Permanently disabling security isn’t the answer
— You don't fix a bad door lock by removing the door
— Become an expert in application troubleshooting

Product support lifetime
• End of life (EOL) operating systems
— Manufacturer stops selling an OS
— May continue supporting the OS
— Important for security patches and updates
• End of service life (EOSL)
— Manufacturer stops selling an OS
— Support is no longer available
— No ongoing security patches or updates
— May have a premium-cost support option
• Technology EOSL is a significant concern
— Security patches are part of normal operation

BYOD
• Bring Your Own Device / Bring Your Own Technology
• Employee owns the device
— Need to meet the company’s requirements
• Difficult to secure
— It's both a home device and a work device
— How is data protected?
— What happens to the data when a device is sold or traded in?
— An infected device could disclose proprietary company information

2.5 - Defender Antivirus

Microsoft Defender Antivirus
• Built-in antivirus for Windows 10 and 11
— No additional third-party products required
• Included in the Windows Security app
— Virus & threat protection
• May not specifically display "Defender Antivirus"
— The name has changed over time
— Windows Defender
— Microsoft Defender Antivirus

Activate or deactivate
• Don't disable your security protection
— This is for temporary troubleshooting
— This will increase risk
— Make sure you know what you're doing
• Defender Antivirus operates in real-time
— Enable or disable this feature
• Windows Security app
— Virus & threat protection settings > Manage settings > Real-time protection

Updated definitions
• Antivirus is only as good as the latest signatures
— It’s important to stay up to date
• Virus & threat protection updates
— Check for updates
• Click the "Check for updates" button
— Automatic updates are normally configured

2.5 - Windows Firewall

Enabling and disabling Windows Firewall
• Your firewall should always be enabled
— Sometimes you need to troubleshoot
• Temporarily disable from the Control Panel or from Windows Security
— Turn Windows Firewall on or off
— Requires elevated permissions
• Different settings for each network type
— Public / Private

Windows Firewall configuration
• Block all incoming connections
— Ignores your exception list
— Useful when you need security
• Modify notification - App blocking

Creating a firewall exception
• Allow an app or feature through Windows Firewall
— The more secure exception
• Port number
— Block or allow
• Predefined exceptions
— List of common exceptions
• Custom rule
— Every firewall option

2.5 - Windows Security Settings

Windows authentication
• Login to the Windows desktop
— And access network resources
• Local accounts
— Only associated with a specific Windows device
• Microsoft accounts
— Sync settings between devices, integrate applications (Skype, Office) with OneDrive, and more
• Windows Domain accounts
— Centrally managed from Active Directory

Users and groups
• Users
— Administrator
— The Windows super-user
— Guest (Limited access)
— Standard Users
• Groups
— Power Users
— Not much more control than a regular user
— Permissions removed in Windows Vista and later

Login options
• Username / password
— Common authentication credentials
• Personal Identification Number (PIN)
— A local access code
• Biometrics
— Fingerprint, facial recognition
• Single sign-on (SSO)
— Windows Domain credentials
— Sign in one time

NTFS vs. Share permissions
• NTFS permissions apply from local and network connections
• Share permissions only apply to connections over the network
— A "network share"
• The most restrictive setting wins
— Deny beats allow
• NTFS permissions are inherited from the parent object
— Unless you move to a different folder on the same volume

Explicit and inherited permissions
• Explicit permissions
— Set default permissions for a share
• Inherited permissions
— Propagated from the parent object to the child object
— Set a permission once, it applies to everything underneath
• Explicit permissions take precedence over inherited permissions
— Even inherited deny permissions
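The precedence rules of the two sections above (deny beats allow, explicit beats inherited, the most restrictive of NTFS and share wins over the network) worked through as a PowerShell function. This is an added example, not code from the course notes; the ACE objects are constructed sample data rather than entries read from a real folder.

```powershell
# Added example, not from the course notes. The ACEs below are constructed
# sample data; on a live folder, (Get-Acl $path).Access exposes the same
# information as FileSystemRights, AccessControlType and IsInherited.

function Resolve-EffectiveAccess {
    param(
        [Parameter(Mandatory)][object[]]$NtfsAces,   # Type (Allow/Deny), Rights, Inherited
        [ValidateSet('Read', 'Change', 'FullControl')][string]$SharePermission = 'FullControl',
        [switch]$OverNetwork                          # share permissions only apply over the network
    )
    $allRights = 'Read', 'Write', 'Delete'

    # Windows evaluates ACEs in canonical order: explicit deny, explicit allow,
    # inherited deny, inherited allow. The first ACE that names a right decides it,
    # which is why an explicit allow overrides an inherited deny.
    $ordered = $NtfsAces | Sort-Object `
        @{ Expression = { $_.Inherited } }, `
        @{ Expression = { if ($_.Type -eq 'Deny') { 0 } else { 1 } } }

    $ntfsGranted = @(foreach ($right in $allRights) {
        $decider = $ordered | Where-Object { $_.Rights -contains $right } | Select-Object -First 1
        if ($decider -and $decider.Type -eq 'Allow') { $right }
    })
    if (-not $OverNetwork) { return $ntfsGranted }   # local logon: only NTFS applies

    $shareGranted = switch ($SharePermission) {
        'Read'        { 'Read' }
        'Change'      { 'Read', 'Write', 'Delete' }
        'FullControl' { $allRights }
    }
    # Most restrictive wins: a right must be allowed by both NTFS and the share
    return @($ntfsGranted | Where-Object { $shareGranted -contains $_ })
}

# Constructed sample: an inherited Deny on Write from the parent folder, an
# explicit Allow for Read and Write set on the folder itself (which overrides
# that inherited deny), and an inherited Allow on Delete
$sampleAces = @(
    [pscustomobject]@{ Type = 'Deny';  Rights = @('Write');         Inherited = $true  }
    [pscustomobject]@{ Type = 'Allow'; Rights = @('Read', 'Write'); Inherited = $false }
    [pscustomobject]@{ Type = 'Allow'; Rights = @('Delete');        Inherited = $true  }
)
# Local logon: NTFS alone decides
Resolve-EffectiveAccess -NtfsAces $sampleAces
# Over a share granting only Read: the share is the more restrictive setting
Resolve-EffectiveAccess -NtfsAces $sampleAces -OverNetwork -SharePermission Read
```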


Run as administrator
• Administrators have special rights and permissions
— Editing system files, installing services
• Use rights and permissions of the administrator
— You don't get these by default, even if you're in the Administrators group
• Right-click the application
— Run as administrator
— Or search and click "Run as administrator"

https://www.ProfessorMesser.com
© 2022 Messer Studios, LLC

2.5 - Windows Security Settings (continued)

UAC (User Account Control)
• Limit software access - Protect your computer
• Standard users
— Use the network or change your password
• Administrators
— Install applications or configure Remote Desktop
• Secure Desktop - Limits automated access

BitLocker
• Encrypt an entire volume
— Protects all of your data, including the OS
— Support for all Windows editions except Home
• Lose your laptop? - Doesn't matter without the password
• Data is always protected
— Even if the physical drive is moved to another computer
• BitLocker To Go - Encrypt removable USB flash drives

EFS
• Encrypting File System
— Encrypt at the file system level
— Requires the NTFS file system
• OS support
— Support for all Windows editions except Home
• Uses password and username to encrypt the key
— Administrative resets will cause EFS files to be inaccessible

2.6 - Security Best Practices

Data encryption
• Full-disk encryption
— Encrypt data-at-rest
• File system encryption
— Individual files and folders
• Removable media
— Protect those USB flash drives
• Key backups are critical
— You always need to have a copy
— This may be integrated into Active Directory
— You'll want to keep the key handy
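A check for the "key backups are critical" point above: report every BitLocker volume, flag protected volumes with no recovery password, and optionally escrow the recovery passwords to Active Directory. This is an added example, not code from the course notes; it assumes a Windows edition with the BitLocker PowerShell module (Pro, Enterprise, Education), an elevated session, and a domain-joined machine for the AD escrow.

```powershell
# Added example, not from the course notes. Assumes the BitLocker module
# (Windows Pro/Enterprise/Education) and an elevated session.

function Get-BitLockerKeyReport {
    param([switch]$BackupToAD)   # escrow recovery passwords to AD DS (domain-joined machines)
    foreach ($vol in Get-BitLockerVolume) {
        $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        if ($BackupToAD -and $vol.ProtectionStatus -eq 'On') {
            foreach ($kp in $recovery) {
                # Same escrow the "Store BitLocker recovery information in AD DS" policy performs
                Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
            }
        }
        [pscustomobject]@{
            Volume            = $vol.MountPoint
            Protection        = $vol.ProtectionStatus            # On / Off
            Encrypted         = "$($vol.EncryptionPercentage)%"
            Protectors        = ($vol.KeyProtector.KeyProtectorType -join ', ')
            RecoveryPasswords = $recovery.Count
            # A protected volume with no recovery password cannot be unlocked if the TPM or PIN fails
            NoKeyBackup       = ($vol.ProtectionStatus -eq 'On' -and $recovery.Count -eq 0)
        }
    }
}

function Get-BitLockerRecoveryPassword {
    # The 48-digit recovery password(s) to keep in a vault or printout, away from the laptop
    param([string]$MountPoint = $env:SystemDrive)
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object KeyProtectorId, RecoveryPassword
}

Get-BitLockerKeyReport | Format-Table -AutoSize
```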


Password complexity and length
• Make your password strong
— Resist guessing or brute-force attack
• Increase password entropy
— No single words, no obvious passwords
— Mix upper and lower case and use special characters
• Stronger passwords are at least 8 characters
— Consider a phrase or set of words

Password expiration and recovery
• All passwords should expire
— Change every 30 days, 60 days, 90 days
— System remembers password history, requires unique passwords
• Critical systems might change more frequently
— Every 15 days or every week
• The recovery process should not be trivial!
— Some organizations have a very formal process

Password best practices
• Changing default usernames/passwords
— All devices have defaults
— There are many web sites that document these
• BIOS/UEFI passwords
— Supervisor/Administrator password: Prevent BIOS changes
— User password: Prevent booting
• Requiring passwords
— Always require passwords
— No blank passwords
— No automated logins

End-user best practices
• Require a screensaver password
— Integrate with login credentials
— Can be administratively enforced
• Does not require user intervention
— Automatically locks after non-use or timeout
• Secure critical hardware
— Laptops can easily walk away
— Lock them down

Securing PII and passwords
• Personally identifiable information
— Name, address, social security number, etc.
• Control your input
— Be aware of your surroundings
• Use privacy filters
— It's amazing how well they work
• Keep your monitor out of sight
— Away from windows and hallways
• Don't sit in front of me on your flight
— I can't help myself

2.6 - Security Best Practices (continued)

Account management
• User permissions
— Everyone isn't an Administrator
— Assign proper rights and permissions
— This may be an involved audit
• Assign rights based on groups
— More difficult to manage per-user rights
— Becomes more useful as you grow
• Login time restrictions
— Only login during working hours
— Restrict after-hours activities

Disabling unnecessary accounts
• All operating systems include other accounts
— Guest, root, mail, etc.
• Not all accounts are necessary
— Disable/remove the unnecessary
— Disable the guest account
• Disable interactive logins
— Not all accounts need to login
• Change the default usernames
— User:admin Password:admin
— Helps with brute-force attacks

Locking the desktop
• Failed password attempts
— Should lock the account and/or reboot after a certain threshold
— Prevents online brute force attacks
• Automatically lock the system
— After a certain amount of inactivity
— Or when you walk away
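A local-account audit covering the three sections above: which accounts are enabled, whether the built-in Guest is disabled, who is in Administrators, and what the failed-attempt lockout threshold is. This is an added example, not code from the course notes; it assumes Windows 10/11 with the built-in LocalAccounts module, an elevated session, and English-language `net accounts` output, and the expected-user list passed at the end is a placeholder.

```powershell
# Added example, not from the course notes. Assumes Windows 10/11 with the
# built-in LocalAccounts module, an elevated session and English 'net accounts' output.

function Get-LocalAccountAudit {
    # Every enabled account that is not on the expected list is flagged for review
    param([string[]]$ExpectedUsers = @())
    foreach ($u in Get-LocalUser) {
        [pscustomobject]@{
            Name           = $u.Name
            Enabled        = $u.Enabled
            LastLogon      = $u.LastLogon
            IsBuiltInAdmin = $u.SID.Value.EndsWith('-500')   # RID 500: built-in Administrator
            IsGuest        = $u.SID.Value.EndsWith('-501')   # RID 501: built-in Guest, even if renamed
            Review         = $u.Enabled -and ($ExpectedUsers -notcontains $u.Name)
        }
    }
}

function Disable-GuestAccount {
    Get-LocalAccountAudit | Where-Object { $_.IsGuest -and $_.Enabled } |
        ForEach-Object { Disable-LocalUser -Name $_.Name }
}

function Get-AdministratorsMembers {
    # "Everyone isn't an Administrator": this list should be short and deliberate
    Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass, PrincipalSource
}

function Get-LockoutThreshold {
    # 'net accounts' prints the local lockout policy; 'Never' means no lockout at all
    $line = @(net accounts) -match '^Lockout threshold:'
    if (-not $line) { throw 'Could not read the lockout policy' }
    $value = ($line[0] -split ':', 2)[1].Trim()
    if ($value -eq 'Never') { 0 } else { [int]$value }
}

function Set-LockoutThreshold {
    # Lock the account after this many failed attempts (the online brute-force defence above)
    param([ValidateRange(1, 999)][int]$Attempts = 5)
    net accounts /lockoutthreshold:$Attempts | Out-Null
}

# Placeholder list of the accounts that are supposed to stay enabled on this machine
Get-LocalAccountAudit -ExpectedUsers @('Administrator') | Format-Table -AutoSize
Get-AdministratorsMembers
Get-LockoutThreshold
```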


AutoRun and AutoPlay
• Disable AutoRun on older OSes
— autorun.inf in Vista
— No Autorun in Windows 7, 8/8.1, 10, or 11
— Disabled through the registry
• Disable AutoPlay
— Configure in Settings > Bluetooth & devices > AutoPlay
• Get the latest security patches
— Updates to autorun.inf and AutoPlay

2.7 - Mobile Device Security

Screen locks
• Restrict access to the device
— You're going to leave it somewhere
• Facial recognition
— Unlock with your face
• PIN
— Choose a personal identification number
• Fingerprint
— Built-in fingerprint reader
• Swipe
— Choose a pattern
• Failed attempts
— iOS: Erase everything after 10 failed attempts
— Android: Lock the device and require a Google login or wipe the device

Locator applications and remote wipe
• Built-in GPS
— And location "helpers"
• Find your phone
— On a map
• Control from afar
— Make a sound
— Display a message
• Wipe everything
— At least your data is safe

Patching/OS updates
• All devices need updates - Even mobile devices
• Device patches - Security updates
• Operating system updates
— New features, bug fixes
• Don't get behind!
— Avoid security problems

Full device encryption
• Encrypt all device data
— Phone keeps the key
• iOS 8 and later
— Personal data is encrypted with your passcode
• Android
— Version 5.0 and later is probably already encrypted

Remote backup
• Difficult to backup something that's always moving
— Backup to the cloud
• Constant backup
— No manual process
• Backup without wires
— Use the existing network
• Restore with one click
— Restores everything
— Authenticate and wait

2.7 - Mobile Device Security (continued)

Anti-virus and anti-malware
• Apple iOS
— Closed environment, tightly regulated
— Malware has to find a vulnerability
• Android
— More open, apps can be installed from anywhere
— Easier for malware to find its way in
• Apps run in a "sandbox"
— You control what data an app can view
• Third-party virus and malware protection
— Available from the usual providers

Firewalls
• Mobile phones don't include a firewall
— Most activity initiates outbound, not inbound
• Some mobile firewall apps are available
— Most for Android
— None seem to be widely used
• Enterprise environments can control mobile apps
— Firewalls can allow or disallow access

Policies and procedures
• Manage company-owned and user-owned mobile devices
— BYOD - Bring Your Own Device
• Centralized management of the mobile devices
— Specialized functionality / Mobile Device Manager (MDM)
• Set policies on apps, data, camera, etc.
— Control the remote device
— The entire device or a "partition"
• Manage access control
— Force screen locks and PINs on these single user devices

IoT (Internet of Things)
• Sensors - Heating and cooling, lighting
• Smart devices - Home automation, video doorbells
• Wearable technology - Watches, health monitors
• Facility automation - Temperature, air quality, lighting
• Weak defaults
— IoT manufacturers are not security professionals
— Consider isolating IoT devices on their own network

2.8 - Data Destruction

Physical destruction
• Shredder
— Heavy machinery - complete destruction
• Drill / Hammer
— Quick and easy - Platters, all the way through
• Electromagnetic (degaussing)
— Remove the magnetic field
— Destroys the drive data and the electronics
• Incineration - Fire hot.

Certificate of destruction
• Destruction is often done by a 3rd party
— How many drills and degaussers do you have?
• Need confirmation that your data is destroyed
— Service should include a certificate
• A paper trail of broken data
— You know exactly what happened

Disk formatting
• Low-level formatting
— Provided at the factory
— Not recommended for the user
• Standard formatting / Quick format
— Sets up the file system, installs a boot sector
— Clears the master file table but not the data
— Can be recovered with the right software
• Standard formatting / Regular format
— Overwrites every sector with zeros
— Default for Windows Vista and later
— Can't recover the data

Erasing data
• File level overwriting
— Sdelete - Windows Sysinternals
— Remaining files are still available
• Whole drive wipe secure data removal
— DBAN - Darik's Boot and Nuke
— Removes all data on the drive
— Use the drive again
• Physical drive destruction
— One-off or industrial removal and destroy
— Drive is no longer usable

Hard drive security
• 2019 study from Blancco and Ontrack
— 159 storage drives from eBay
— 42% of the used drives contain sensitive data
• Different data types
— 66 drives had data, 25 drives with PII
• Varied data sources
— Travel company email archive
— Freight company shipping details
— University student papers
— Audio, video, and other personal files

2.9 - Securing a SOHO Network

Change default passwords
• All access points have default usernames and passwords
— Change yours!
• The right credentials provide full control
— Administrator access
• Very easy to find the defaults for your access point or router
— https://www.routerpasswords.com

Firmware updates
• Small office / home office appliances
— Appliances are usually a closed architecture
— Updates are provided by the manufacturer
• Updates may address different requirements
— Bug fixes
— New features
— Security patches
• Install the latest software
— Update and upgrade the firmware
— Firewalls, routers, switches, etc.

IP address filtering
• Content filtering, IP address ranges
— Or a combination
• Allow list
— Nothing passes through the firewall unless it's approved
— Very restrictive
• Deny list
— Nothing on the "bad list" is allowed
— Specific URLs
— Domains
— IP addresses

Content filtering
• Control traffic based on data within the content
— URL filtering, website category filtering
• Corporate control of outbound and inbound data
— Sensitive materials
• Control of inappropriate content
— Not safe for work
— Parental controls
• Protection against evil
— Anti-virus, anti-malware

Physical placement
• Often a single device
— Router, switch, access point, firewall, etc.
• Location may be restricted to a secure room
— Prevent access to servers and network devices
— For wireless, location becomes more important
— Above ceiling tiles or another high point
— This may cause problems for power cycling
• Plan before the installation
— May require additional setup time

IP addressing
• DHCP (automatic) IP addressing vs. manual IP addressing
• IP addresses are easy to see in an unencrypted network
• If the encryption is broken, the IP addresses will be obvious
• Configuring a static IP address is not a security technique
— Security through obscurity

DHCP reservations
• Address reservation
— Administratively configured
• Table of MAC addresses
— Each MAC address has a matching IP address
• Other names
— Static DHCP Assignment
— Static DHCP
— Static Assignment
— IP Reservation

Static WAN IP
• Wide area network / Internet link
— External IP address
• Many ISPs dynamically allocate WAN addresses
— The default for most ISPs
• It's easier to manage if the IP address is static
— The IT team always knows the IP address
— A SOHO might provide a service
• This may be an additional cost
— Contact the ISP for options

UPnP (Universal Plug and Play)
• Allows network devices to automatically configure and find other network devices
— Zero-configuration
• Applications on the internal network can open inbound ports using UPnP
— No approval needed
— Used for many peer-to-peer (P2P) applications
• Best practice would be to disable UPnP
— Only enable if the application requires it
— And maybe not even then

Screened subnet
• Previously known as the demilitarized zone (DMZ)
— An additional layer of security between the Internet and you
— Public access to public resources
2.9 - Securing a SOHO Network (continued)

SSID management
• Service Set Identifier
— Name of the wireless network
— LINKSYS, DEFAULT, NETGEAR
• Change the SSID to something not-so obvious
• Disable SSID broadcasting?
— SSID is easily determined through wireless network analysis
— Security through obscurity

Wireless channels and encryption
• Open System
— No authentication password is required
• WPA/2/3-Personal / WPA/2/3-PSK
— WPA2 or WPA3 with a pre-shared key
— Everyone uses the same 256-bit key
• WPA/2/3-Enterprise / WPA/2/3-802.1X
— Authenticates users individually with an authentication server (i.e., RADIUS, LDAP, etc.)
• Use an open frequency
— Some access points will automatically find good frequencies

Disabling ports
• Enabled physical ports
— Conference rooms
— Break rooms
• Administratively disable unused ports
— More to maintain, but more secure
• Network Access Control (NAC)
— 802.1X controls
— You can't communicate unless you are authenticated

Port forwarding
• 24x7 access to a service hosted internally
— Web server, gaming server, security system, etc.
• External IP/port number maps to an internal IP/port
— Does not have to be the same port number
• Also called Destination NAT or Static NAT
— Destination address is translated from a public IP to a private IP
— Does not expire or timeout

Disable guest networks
• Limit access to outsiders
— Guest networks are often enabled by default
• Some guest networks can be used for other connections
— Internet of Things
— Lab networks
• Don't enable without security
— WPA2 or WPA3

[Figure: screened subnet diagram - Firewall, Screened Subnet, Switch, Internal Network]

2.10 - Browser Security

Browser download and installation
• Always use trusted sources
— Attackers want you to install the malware for them
— No fancy exploit required
• Avoid untrusted third-party sites
— Don't click links in emails
— Don't follow links from other websites
— Always visit a browser site directly
• Use hashes to verify the download
— Confirm the downloaded file matches the version on the server

Extensions and plug-ins
• Trusted sources
— Official browser extension library
— Chrome Web Store
— Microsoft Store
— Known-good websites
• Untrusted sources
— Random or unfamiliar websites
— Installed by malware
• This is a significant attack vector
— Almost everything we do is in our browser

Malicious browser extensions
• March 2021
— More than 24 malicious Google Chrome extensions identified
— Includes 40 malicious domains
— Not identified by security technologies

Hash verification
• Install a hash checking application
— Available for command line and GUI
— Options available in the Microsoft Store
• Hash values may be available on the download site
— Usually includes a digital signature for verification
• Verify the downloaded file
— Compare the downloaded file hash with the posted hash value
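The hash verification steps above as PowerShell, with the digital-signature check the notes mention alongside it. This is an added example, not code from the course notes; the demo file is constructed in the temp folder and its own hash stands in for the value a download site would post.

```powershell
# Added example, not from the course notes. The demo file is constructed
# in %TEMP%; replace the path and posted hash with a real download.

function Test-DownloadHash {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$PostedHash,   # copied from the vendor's download page
        [ValidateSet('SHA256', 'SHA384', 'SHA512', 'SHA1', 'MD5')][string]$Algorithm = 'SHA256'
    )
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash
    # Sites publish hashes in either case, often with stray whitespace;
    # PowerShell's -eq is case-insensitive, so only the trim is needed
    $match = $actual -eq $PostedHash.Trim()
    [pscustomobject]@{ File = $Path; Algorithm = $Algorithm; Posted = $PostedHash; Actual = $actual; Match = $match }
}

function Test-DownloadSignature {
    # Authenticode check: Status 'Valid' means the file is signed by a publisher
    # the system trusts; 'NotSigned' or 'HashMismatch' means do not install it
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{ File = $Path; Status = $sig.Status; Signer = $sig.SignerCertificate.Subject }
}

# Constructed demo: a small file stands in for the download, and its own
# SHA-256 (lower-cased, as many sites print it) stands in for the posted hash
$demo = Join-Path $env:TEMP 'demo-download.bin'
Set-Content -LiteralPath $demo -Value 'constructed sample content' -NoNewline
$posted = (Get-FileHash -LiteralPath $demo -Algorithm SHA256).Hash.ToLower()
Test-DownloadHash -Path $demo -PostedHash $posted        # the untouched download against its posted hash
Test-DownloadHash -Path $demo -PostedHash ('0' * 64)    # stands in for a tampered or wrong download
Test-DownloadSignature -Path $demo                       # the demo file carries no Authenticode signature
Remove-Item -LiteralPath $demo
```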
2.10 - Browser Security (continued)

Malicious browser extensions (continued)
• Malicious activity identified
— Credential theft
— Screenshots and keylogging
— Data exfiltration
• Don't trust any software - Always have backups

Password managers
• Password vaults
— All passwords in one location
— A database of credentials
• Secure storage
— All credentials are encrypted
— Cloud-based synchronization options
• Create unique passwords
— Passwords are not the same across sites
• Personal and enterprise options
— Corporate access

Secure connections
• Security alerts and invalid certificates
— Something isn't quite right
— Should raise your interest
• Look at the certificate details
— May be expired or the wrong domain name
— The certificate may not be properly signed (untrusted certificate authority)
— Correct time and date is important

Enable pop-up blockers
• Pop-up blocker
— Prevent unwanted notification windows
• Enable or disable
— Should usually be enabled
— Disable temporarily when troubleshooting
• Block and allow
— Control pop-up blocking on certain websites

Clearing private data
• Clear browsing data
— History
— Saved passwords
— List of downloaded files
• Clear cache
— Parts of a website are stored locally
— Remove all local data

Private browsing mode
• Don't store information from a browsing session
— Good for privacy
— Useful when testing or troubleshooting
• Removes the information when the browser is closed
— No history tracking
— No download file list
— Cached information is deleted

Browser data synchronization
• Share browsing data across multiple systems
— Sign in to the browser
• Use with other computers, tablets, and mobile devices
— Browsing history
— Favorites
— Installed extensions
— Other settings

Ad blockers
• Some browsers can block advertising
— This isn't always an option
• Many sites will track visits
— And recognize a return visit
• Difficult to always recognize an advertisement
— You can control the security level

3.1 - Troubleshooting Windows

Bluescreens and frequent shutdowns
• Startup and shutdown BSOD
— Bad hardware, bad drivers, bad application
• Use Last Known Good, System Restore, or Rollback Driver
— Try Safe mode
• Reseat or remove the hardware
— If possible
• Run hardware diagnostics
— Provided by the manufacturer
— BIOS may have hardware diagnostics

Sluggish performance
• Task Manager
— Check for high CPU utilization and I/O
• Windows Update - Latest patches and drivers
• Disk space - Check for available space and defrag
• Laptops may be using power-saving mode
— Throttles the CPU
• Anti-virus and anti-malware - Scan for attackers

Boot errors
• Can't find operating system
— "Operating system not found", "Missing operating system"
• Boot loader replaced or changed
— Multiple operating systems installed
• Check boot drives - Remove any media
• Startup Repair
• Modify the Windows Boot Configuration Database (BCD)
— Formerly boot.ini
— Recovery Console: bootrec /rebuildbcd
3.1 - Troubleshooting Windows (continued)

Startup Repair
• Missing NTLDR
— The main Windows boot loader is missing
— Run Startup Repair or replace manually and reboot
— Disconnect removable media
• Missing operating system
— Boot Configuration Data may be incorrect
— Run Startup Repair or manually configure BCD store
• Boots to Safe Mode
— Windows is not starting normally
— Run Startup Repair

Starting the system
• Device not starting
— Check Device Manager and Event Viewer
— Often a bad driver
— Remove or replace driver
• "One or more services failed to start"
— Bad/incorrect driver, bad hardware
— Try starting manually
— Check account permissions
— Confirm service dependencies
— Windows service; check system files
— Application service; reinstall application

Applications crashing
• Application stops working
— May provide an error message
— May just disappear
• Check the Event Log
— Often includes useful reconnaissance
• Check the Reliability Monitor
— A history of application problems
— Checks for resolutions
• Reinstall the application
— Contact application support

Low memory warnings
• Your computer is low on memory
— Applications need RAM to run
— More applications need more RAM
• Close large-memory processes
— Check Task Manager
• Increase virtual memory
— More room for swapping applications
— System > About > Advanced system settings > Performance > Settings > Virtual memory

USB controller resource warnings
• USB devices contain buffers called "endpoints"
— Different USB controllers support a different number of endpoints
— (96 endpoints, 254 endpoints, etc.)
• Different devices require a different number of endpoints
— Exceed the number of endpoints and you run out of resources
— It's difficult to determine the number of endpoints used by a device
• "The controller does not have enough resources for this device."
— The endpoints are these resources
• Move the device to a different USB interface
— USB 2.0 interfaces might support a larger number of endpoints
• Match the USB interface to the device capabilities
— USB 2.X devices or USB 3.X devices
— More endpoints for all devices

System instability
• General system failures
— Software errors, system hangs, application failures
• Time for a full diagnostic - This could be anything
• Hardware diagnostic
— Most systems include manufacturer diagnostics
— Also run storage and memory checks
• Check the operating system
— Run SFC (System File Checker)
— Perform an anti-malware scan

Slow profile load
• Roaming user profile
— Your desktop follows you to any computer
— Changes are synchronized
• Network latency to the domain controller
— Slows login script transfers
— Slow to apply computer and user policies
— May require many hundreds (or thousands) of LDAP queries
• Client workstation picks a remote domain controller instead of local DC
— Problems with local infrastructure

Time drift
• A computer's internal clock will drift over time
— Computers aren't great timekeepers
• The solution is to fix the symptom
— Fixing the problem would require changing the design of every computer
• Enable automatic time setting
— Settings > Time & language > Date & time
— Time zone may need to be configured manually if privacy settings are enabled
3.1 - Troubleshooting Solutions

Reboot
• Have you tried turning it off and on again?
— There's a reason it works
• Bug in your router software - Reboot the router
• Application is using too many resources
— Stops the app
• Memory leak slowly consumes all available RAM
— Clears the RAM and starts again

Restart services
• Services
— Applications that run in the background
— No user interaction
• Similar issues as a normal process
— Resource utilization
— Memory leaks
— Crashes
• View status in Task Manager
— Services tab
— Right-click to start, stop, or restart

Uninstall/reinstall/update applications
• Application issues
— Problems with the application files or configurations
• Settings > Apps > Apps & features
— Repair, reset, or uninstall
• Some options in the Control Panel
— Programs and Features
• Run the application setup again
— Other options may be available from the setup program
• Repair
— Install missing files
— Replace corrupted files
— Fix application shortcuts
— Repair registry entries
— Update or reconfigure drivers
• Reset
— Remove all application data
— A factory reset / original install
• Uninstall - Remove the application

Verify requirements
• Every operating system and application publishes a set of requirements
— These are commonly the bare minimums
• Check with the manufacturer
— Get the official requirements
• Hardware and software resources
— CPU speed, total RAM, video options, device drivers, runtime libraries
• Use System Information
— View the current configuration
Add resources
• Check resource utilization
— Task Manager
• Consider a long-term analysis
— Performance Monitor
• Compare existing resources with manufacturer requirements
— Add or replace hardware (CPU, SSD, RAM)
• Free drive space
— Disk Cleanup

System file checker
• Verify the integrity of the operating system
— Check every important system file with sfc

Startup Repair
• Start from Settings
— Settings > System > Recovery
• Also available from the
— Advanced Boot Options
— Repair Windows

Windows Restore
• Start the System Restore application
— System > About > System Protection
— This assumes you've not disabled restore points
• Pick a restore point and let the system reboot
— The operating system configuration will revert to the previous date and time
— User data will not be modified

Reimage or reload OS
• Windows is big
— And complex
• Spend time trying to find the needle
— Or simply build a new haystack
• Many organizations have prebuilt images
— Don't waste time researching issues
• Windows includes a reset option
— Windows 10: Settings > Update & Security > Recovery
— Windows 11: Settings > System > Recovery

Update and patch
• Windows Update
— Centralized OS and driver updates
• Lots of flexibility
— Change active hours
— Manage metered connections
• Applications must be patched
— Security issues don't stop at the OS
— Download from the publisher
3.1 - Troubleshooting Solutions (continued)

Roll back updates
• Updates are installed automatically by default
— Important security patches
• View the history
— Windows 10: Settings > Update & Security > Windows Update
— Windows 11: Settings > Windows Update

Rebuild Windows profiles
• Profiles can become corrupted
— "The User Profile Service failed the logon."
— "User Profile cannot be loaded."
— User documents may be "missing"
• If a profile doesn't exist, it's recreated
— We're going to delete the profile and force the rebuilding process

Deleting Windows profiles
• Login to the computer with Domain Administrator rights
• Rename the \Users\name folder - This will save important files
• Backup the user's registry
— HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
— Right-click / Export
• Delete the registry entry
— You have a backup - Restart the computer

Reconstructing Windows profiles
• Login to the computer with the user account
— The profile will be rebuilt
— This will recreate the \Users\name folder
• Login as Domain Administrator
— Copy over any important files from the old profile
• Do not copy the entire profile
— Corrupted files might exist in the old profile
• Logout as Domain Administrator, login with the user account
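The "Deleting Windows profiles" steps above as one PowerShell function: rename the \Users\name folder, export the matching ProfileList entry as the backup, then delete that entry so the profile is rebuilt at the next login. This is an added example, not code from the course notes; it assumes an elevated session while the user is logged off, and the user name 'jsmith' and backup folder are placeholders.

```powershell
# Added example, not from the course notes. Run as a local or domain
# administrator while the user is logged off; -WhatIf previews the changes.
# 'jsmith' below is a placeholder user name.

function Reset-WindowsProfile {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$UserName,    # folder name under \Users
        [string]$BackupDir = "$env:SystemDrive\ProfileBackups"
    )
    $listPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    $folder   = Join-Path "$env:SystemDrive\Users" $UserName
    if (-not (Test-Path -LiteralPath $folder)) { throw "No profile folder at $folder" }

    # ProfileList subkeys are named by SID; ProfileImagePath says which folder each one owns
    $entries = @(Get-ChildItem -Path $listPath | Where-Object {
        (Get-ItemProperty -Path $_.PSPath).ProfileImagePath -eq $folder
    })
    if ($entries.Count -ne 1) { throw "Expected one ProfileList entry for $folder, found $($entries.Count)" }
    $entry = $entries[0]
    $sid   = $entry.PSChildName
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

    # 1. Rename the \Users\name folder so the user's files survive
    $renamed = "$UserName.old-$stamp"
    if ($PSCmdlet.ShouldProcess($folder, "Rename to $renamed")) {
        Rename-Item -LiteralPath $folder -NewName $renamed
    }
    # 2. Back up the registry entry (the Right-click / Export step)
    $regFile = Join-Path $BackupDir "ProfileList-$sid-$stamp.reg"
    if ($PSCmdlet.ShouldProcess($entry.Name, "Export to $regFile")) {
        reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid" $regFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing deleted' }
    }
    # 3. Delete the entry; Windows rebuilds the profile at the user's next login
    if ($PSCmdlet.ShouldProcess($entry.Name, 'Delete ProfileList entry')) {
        Remove-Item -Path $entry.PSPath -Recurse
    }
    [pscustomobject]@{
        User           = $UserName
        SID            = $sid
        OldFolder      = "$env:SystemDrive\Users\$renamed"
        RegistryBackup = $regFile
    }
}

Reset-WindowsProfile -UserName 'jsmith' -WhatIf
```

Restart the computer afterwards, as the notes say, and copy only the needed files back from the renamed folder once the user has logged in and the fresh profile exists.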


3.2 - Troubleshooting Security Issues

Unable to access the network
• Slow performance, lock-up
— Malware isn't the best written code
• Internet connectivity issues
— Malware likes to control everything
— You go where it wants you to go
— You can't protect yourself if you can't download
• OS updates failures
— Malware keeps you vulnerable
— Some malware uses multiple communication paths
• Reload or clean
— Malware cleaner or recover from known good backup

Desktop alerts
• Browser push notification messages
— Pretends to be a malware infection
— Actual notifications come from your antivirus utility
• Disable browser notifications
— Create an allow list of legit sites
• Scan for malware
— Consider a cleaning
— Rebuild from scratch or known good backup to guarantee removal

False antivirus alerts
• False antivirus message
• May include recognizable logos and language
— May require money to "unlock" your PC
— Or to "subscribe" to their service
• Often requires a specific anti-malware removal utility or technique
— The attackers are very, very good
Altered system or personal files
• Renamed system files - Won't need that anymore
• Files disappearing - Or encrypted
• File permission changes - Protections are modified
• Access denied
— Malware locks itself away
— It doesn't leave easily
• Use a malware cleaner or restore from known good backup
— Some malware is exceptionally difficult to remove

Browser security alerts
• Security alerts and invalid certificates
— Something isn't quite right
— Should raise your interest
• Look at the certificate details
— Click the lock icon
— May be expired or the wrong domain name
— The certificate may not be properly signed (untrusted certificate authority)
— Correct time and date is important

Browser redirection
• Instead of your Google result, your browser goes somewhere else
— This shouldn't ever happen
• Malware is the most common cause
— Makes money for the bad guys
• Use an anti-malware/anti-virus cleaner
— This is not the best option
• Restore from a good known backup
— The only way to guarantee removal

3.3 - Removing Malware

Malware removal
• This is almost never the best practice
— It's impossible to know if all of the malware has been removed
• Ideally, you should delete everything and start over
— Restore from a known-good backup
— Install from the original media
• There are reasons to remediate
— Important user documents may need to be recovered
— Get the system running well enough to back up certain files

1. Verify malware symptoms
• Odd error messages
— Application failures, security alerts
• System performance issues
— Slow boot, slow applications
• Research the malware
— Know what you're dealing with

2. Quarantine infected systems
• Disconnect from the network
— Keep it contained
• Isolate all removable media
— Everything should be contained
• Prevent the spread
— Don't transfer files, don't try to back up
— That ship sailed

3. Disable System Restore
• Restore points make it easy to rewind
— Malware infects restore points
• Disable System Protection
— No reason to save an infected config
• Delete all restore points
— Remove all infection locations
[Screenshot: System Properties > System Protection tab - Restore Settings (Turn on system protection / Disable system protection), Disk Space Usage, Delete all restore points for this drive]

4a. Remediate: Update anti-virus
• Signature and engine updates
— The active anti-virus engine
— Signature updates
— A very, very tiny shelf life
• Automatic vs. manual
— Manual updates are almost pointless
• Your malware may prevent the update process
— Copy from another computer

4b. Remediate: Scan and remove
• Microsoft and others - The big anti-virus apps
• Malware-specific
— Scan and remove difficult malware
• Stand-alone removal apps
— Check with your anti-virus company
• There's really no way to know if it's really gone
— Delete and rebuild
• Safe mode
— Load the bare minimum operating system
— Just enough to get the OS running
— Can also prevent the bad stuff from running
• Pre-installation environment (WinPE)
— Recovery Console, bootable CD/DVDs/USBs
— Build your own from the Windows Assessment and Deployment Kit (ADK)
• May require the repair of boot records and sectors

5. Schedule scans and run updates
• Built into the antivirus software
— Automated signature updates and scans
• Task scheduler
— Run any task
• Operating system updates
— Make sure it's enabled and working

6. Enable System Protection
• Now you're clean
— Put things as they were
• Create a restore point
— Start populating again

7. Educate the end user
• One on one
— Personal training
• Posters and signs
— High visibility
• Message board posting
— The real kind
• Login message
— These become invisible
• Intranet page
— Always available

3.4 - Troubleshooting Mobile Devices

App issues
• Problematic apps
— Apps not loading
— Slow app performance
• Restart the phone
— Hold power button, power off
• Stop the app and restart
— iPhone: Double-tap home / slide up, slide app up
— Android: Settings/Apps, select app, Force stop
• Update the app - Get the latest version

App fails to close or crashes
• App hangs
— But other apps are still working
• App crashes
— May provide an error message, or just disappear
• Restart the device
— Clear the slate, try the app again
• Update the app
— A bug fix might resolve the issue
• Delete and reinstall the app
— Be careful not to remove important app data

App fails to update
• App does not update to a new version
— But other apps are still working
• Check the Store to manually upgrade
— Force the upgrade process
— Some stores require a valid method of payment on file
• Restart the device
— Try the update process again

OS fails to update
• Device operating system will not update
— New features, bug fixes, security updates
• Check available storage
— Remove unused documents and apps
• Check download bandwidth
— Connect to Wi-Fi
• Try a different network connection
— Update server may not be accessible
• Reboot - Always a good idea

Battery life issues
• Bad reception
— Always searching for signal
— Airplane mode on the ground
• Aging battery
— There are only so many recharges
• Disable unnecessary features
— 802.11 wireless, Bluetooth, GPS
• Check application battery usage
— iOS: Settings/Battery
— Android: Settings/Battery

Random reboots
• A device reboots during normal operation
— May occur randomly
• Check the OS and app versions
— Keep everything up to date
• Perform a hardware check
— Check the battery health
— Not many diagnostics options
• Contact Tech Support for options
— Crash logs should be on the device

Connectivity issues
• Intermittent connectivity
— Move closer to access point
— Try a different access point
• No WiFi connectivity
— Check/Enable WiFi
— Check security key configuration
— Hard reset can restart wireless subsystem
• No Bluetooth connectivity
— Check/Enable Bluetooth
— Check/Pair Bluetooth component
— Hard reset to restart Bluetooth subsystem
• NFC not working
— Limited troubleshooting options
— Device may allow disable/enable of NFC
— Reset the device
— If payment related, remove and add the card again
• AirDrop not working
— Distance between devices < 30 feet
— Turn on Wi-Fi and Bluetooth
— Check AirDrop discovery options
— "Allow me to be discovered by"

Screen does not autorotate
• Turning the device doesn't rotate the view
— It should know which way is up
• Disable rotation lock
— Prevents autorotation when enabled
• Restart the app
— The device might be working properly
• Restart the device
— Perhaps the device isn't working properly
• Contact device support
— If nothing rotates, you could have a sensor issue

3.5 - Troubleshooting Mobile Device Security

Android package source
• Once malware is on a phone, it has a huge amount of access
— Don't install APK files from an untrusted source
• iOS
— All apps are curated by Apple
• Android
— Apps can be downloaded from Google Play or sideloaded
— This is where problems can occur

Developer mode
• Enables developer-specific settings
— USB debugging
— Memory statistics
— Demo mode settings
• iOS and iPadOS
— Enable using Xcode
— Must use macOS
• Android
— Enabled from Settings > About Phone
— Tap the build number seven times

Root access/jailbreaking
• Mobile devices are purpose-built systems
— You don't need direct access to the operating system
• Gaining access
— Android - Rooting
— Apple iOS - Jailbreaking
• Install custom firmware
— Replaces the existing operating system
• Uncontrolled access
— Circumvent security features, sideload apps without using an app store
— The MDM becomes relatively useless

Application spoofing
• Install what appears to be a legitimate app
— Actually a bootleg or malicious application
• Google removed 150 apps from the store in 2021
— Photo editing, camera filters, games, QR code scanners
— UltimaSMS app tried to subscribe users to $40/month SMS service
• Infect the application used to build the apps
— A malicious version of Xcode: XcodeGhost malware
• Always check the source of a download
— And the legitimacy of the app
— You are giving this app permissions and control

High network traffic
• Higher than normal network use
— May indicate installed malware
— Command & control
— Proxy network use
• Check built-in data use reports
— Some of these are quite detailed
• Use a third-party reporting app
— Use a trusted source
• Run a malware scan
— Always a good precaution

Data-usage limit notification
• Built-in Android feature
— Not native in iOS
• Set a warning and limit
— Get notification when traffic is excessive
• Can indicate a malware infection
— Drill down on individual app usage
• Run a malware scan
— Find the problem app

Sluggish response time
• Running slowly
— Screen lags, poor input response time
• Restart
— Clear the slate
• Check for OS and app updates
— Fix the buggy code
• Close apps that are not in use
— Fewer resources to manage
• Factory reset
— A last chance to resolve the problem

Limited or no Internet connectivity
• Malware doesn't want to be removed
— It will prevent access to network resources
• Disable and enable Wi-Fi
— Or enable/disable airplane mode
• Restart the device
— Clear memory and reload drivers
• Perform a malware scan
— Find and remove

High number of ads
• Malware wants to show you advertising
— Revenue for each view and click
• May be difficult to find
— 2019: Ads Blocker for Android promised to remove ads
— Actually did the opposite
— Once installed, wasn't listed in available apps
— FakeAdsBlock malware strain
• Run anti-malware utility
— Remove the adware

Fake security warnings
• The easiest way to get on a phone
— Have the user install their own malware
• The warnings seem legitimate
— They are not actual security issues
— Do not install any software
• Malware can directly access user data
— Steals credit card details, stored passwords, browsing history, text messages
• Don't click - If you click, run a malware removal tool

Unexpected application behavior
• Apps unexpectedly close - Or have excessive delays
• App doesn't seem to have all of the normal features
— Or included features are not working
• High battery utilization
— Only when this application is running
• Update the app - Get the latest version

Leaked personal files
• Unauthorized account access
— Unauthorized root access
— Leaked personal files and data
• Determine cause of data breach
— Perform an app scan, run anti-malware scan
• Factory reset and clean install
— This is obviously a huge issue
• Check online data sources
— Apple iCloud/Apple Configurator, Google Workspace, Microsoft OneDrive
— Change passwords


4.1 - Ticketing Systems

Ticketing systems
• The best way to manage support requests
— Document, assign, resolve, report
• Usually a responsibility of the help desk
— Take the calls and triage
• Determine the best next step
— Assign the ticket and monitor
• There are many different ticketing systems
— They're all very similar in function

Managing a support ticket
• Information gathering
— User and device information
— Problem description
• Applying context
— Categorization of the problem
— Assign severity
— Determine if escalation is required
• Clear and concise communication
— Problem description, progress notes, resolution details

User information
• You can't address a person's problem unless you know who has the issue
— Add the name of the person reporting the problem
• Usually integrated into a name service
— Active Directory or similar
• May be added automatically
— Many issues arrive from a portal or email gateway
• Always confirm the contact information
— The database may not be up to date

Device and description
• Device information
— Laptop, printer, conference room projector, etc.
• Description
— One of the most important fields in the ticket
— Make the description clear and concise
• The description determines the next step
— Call back for more information
— Associate with another event
— Assign to another person

Categorization and escalation
• Categories
— Broad description
— Change request, hardware request, problem investigation, hardware failure, onboarding/offboarding, etc.
• Severity
— Often an established set of standards
— Low, medium, high, critical
• Escalation levels
— Difficult problems can be handled by a specialist
— Escalate to a new tier or to a specific group

Resolving the issue
• Progress notes
— Many people may read and/or work on a single ticket
— Keep the progress information concise
— Document any changes or additional information
• Problem resolution
— Document the solution
— May be referenced later by others with the same problem
— A "live" knowledgebase of issues and resolutions


https://www.ProfessorMesser.com 


© 2022 Messer Studios, LLC 


4.1 - Asset Management

Asset management
• A record of every asset
— Laptops, desktops, servers, routers, switches, cables, fiber modules, tablets, etc.
• Associate a support ticket with a device make and model
— Can be more detailed than a user's description
• Financial records, audits, depreciation
— Make/model, configuration, purchase date, location, etc.
• Add an asset tag
— Barcode, RFID, visible tracking number, organization name

Asset database
• A central asset tracking system
— Used by different parts of the organization
• Assigned users
— Associate a person with an asset
— Useful for tracking a system
• Warranty
— A different process if out of warranty
• Licensing
— Software costs
— Ongoing renewal deadlines

Procurement life cycle
• The purchasing process
— Multi-step process for requesting and obtaining goods and services
• Start with a request from the user
— Usually includes budgeting information and formal approvals
• Negotiate with suppliers
— Terms and conditions
— Purchase, invoice, and payment
— The money part

4.1 - Document Types

Acceptable use policies (AUP)
• What is acceptable use of company assets?
— Detailed documentation
— May be documented in the Rules of Behavior
• Covers many topics
— Internet use, telephones, computers, mobile devices, etc.
• Used by an organization to limit legal liability
— If someone is dismissed, these are the well-documented reasons why

Network topology diagram
• Describes the network layout
— May be a logical diagram
— Can include physical rack locations

Compliance
• Compliance
— Meeting the standards of laws, policies, and regulations
• A healthy catalog of rules
— Across many aspects of business and life
— Many are industry-specific or situational
• Penalties - Fines, loss of employment, incarceration
• Scope - Domestic and international requirements

Splash screens
• A message, logo, or graphic shown during startup or login
— Can be used for branding or to require compliance
• Can be informational
— Maintenance notifications or system changes
• May be required for legal or administrative purposes
— Warnings about system misuse
— Information about relying on application data

Incident reports
• Security policy
— An ongoing challenge
— Documentation must be available
— No questions
• Incidents are ongoing
— Organizations have formal incident plans
• Reports and documentation
— Details of any security incident
— Create a reference for future incidents

Standard operating procedures
• Organizations have different business objectives
— Processes and procedures
• Operational procedures
— Downtime notifications, facilities issues
• Software installation and upgrades
— Custom installation of a software package
— Testing, change control
• Documentation is the key
— Everyone can review and understand the policies

On-boarding
• Bring a new person into the organization
— New user setup checklist
• IT agreements need to be signed
— May be part of the employee handbook or a separate AUP
• Create accounts
— Associate the user with groups and departments
• Provide required IT hardware
— Laptops, tablets, etc.
— Preconfigured and ready to go

Off-boarding
• All good things...
— End-user termination checklist
• This process should be predefined
— You don't want to decide how to do things at this point
• What happens to the hardware?
• What happens to the data?
• Account information is usually deactivated
— But not always deleted

Knowledge base and articles
• External sources
— Manufacturer knowledge base
— Internet communities
• Internal documentation
— Institutional knowledge
— Usually part of help desk software
• Find the solution quickly
— Searchable archive
— Automatic searches with helpdesk ticket keywords


4.2 - Change Management

Change management
• How to make a change
— Upgrade software, patch an application, change firewall configuration, modify switch ports
• One of the most common risks in the enterprise
— Occurs very frequently
• Often overlooked or ignored
— Did you feel that bite?
• Have clear policies
— Frequency, duration, installation process, rollback procedures
• Sometimes extremely difficult to implement
— It's hard to change corporate culture

Rollback plan
• The change will work perfectly and nothing will ever go bad
— Of course it will
• You should always have a way to revert your changes
— Prepare for the worst, hope for the best
• This isn't as easy as it sounds
— Some changes are difficult to revert
• Always have backups

Sandbox testing
• Isolated testing environment
— No connection to the real world or production system
— A technological safe space
• Use before making a change to production
— Try the upgrade, apply the patch
— Test and confirm before deployment
• Confirm the rollback plan
— Move everything back to the original
— A sandbox can't consider every possibility

Responsible staff members
• A team effort - Many different parts of the organization
• IT team - Implements the change
• Business customer - The user of the technology or software
• Organization sponsor
— Someone's budget is responsible for the process
— Or responsible for the profit

Change management process
• A formal process for managing change
— Avoid downtime, confusion, and mistakes
• Nothing changes without the process
— Complete the request forms
— Determine the purpose of the change
— Identify the scope of the change
— Schedule a date and time of the change
— Determine affected systems and the impact
— Analyze the risk associated with the change
— Get approval from the change control board
— Get end-user acceptance after the change is complete

Change request forms
• A formal process always seems to include a bit of paperwork
— This is usually an online system
• Nothing gets missed
— Easy to manage
— Create detailed reports and statistics
• Usually a transparent process
— Many different groups and people are usually involved

Purpose of the change
• Why are we doing this?
— There needs to be a compelling reason
• Application upgrades
— New features
— Bug fixes
— Performance enhancements
• Security fixes
— Monthly patches and vulnerability fixes
• There needs to be a good reason
— Changes are costly

Scope of the change
• Determine the effect of the change
— May be limited to a single server
— Or an entire site
• A single change can be far reaching
— Multiple applications, Internet connectivity, remote site access, external customer access
• How long will this take?
— Specific date and time for the change
— May have no impact, could have hours of downtime

Risk analysis
• Determine a risk value - i.e., high, medium, low
• The risks can be minor or far-reaching
— The "fix" doesn't actually fix anything
— The fix breaks something else
— Operating system failures
— Data corruption
• What's the risk with NOT making the change?
— Security or application vulnerability
— Unexpected downtime to other services

Change board and approvals
• Go or no go
— Lots of discussion
• All important parts of the organization are represented
— Potential changes can affect the entire company
• Some changes have priority
— The change board makes the schedule
— Some changes happen quickly, some take time
• This is the last step
— The actual work comes next

End-user acceptance
• Nothing happens without a sign-off
— The end users of the application / network
• One of your jobs is to make them successful
— They ultimately decide if a change is worth it to them
• Ideally, this is a formality
— Of course, they have been involved throughout this entire process
— There's constant communication before and after


4.3 - Managing Backups

Backups
• Incredibly important
— Recover important and valuable data
— Plan for disaster
• Many different implementations
— Total amount of data
— Type of backup
— Backup media
— Storage location
— Backup and recovery software
— Day of the week

Full backup
• Back up everything
— All operating system and user files
• This is usually the longest backup process
— It's everything in one backup
• Might be impractical every day
— Long backup times
— Lots of storage space
[Diagram: Full Backup - Monday, Tuesday, Wednesday, Thursday, Recovery]

Incremental backup
• A full backup is taken first
• Subsequent backups contain data changed since the last full backup and last incremental backup
— These are usually smaller than the full backup
• A restoration requires the full backup and all of the incremental backups
[Diagram: Incremental Backup - Monday, Tuesday, Wednesday, Thursday, Recovery]

Differential backup
• A full backup is taken first
— Subsequent backups contain data changed since the last full backup
— These usually grow larger as data is changed
• A restoration requires the full backup and the last differential backup
[Diagram: Differential Backup - Monday, Tuesday, Wednesday, Thursday, Recovery]

Synthetic backup
• Create a full backup
— Without actually performing a full backup
• Synthetic backup
— The first full backup copies every file
— Subsequent full backups are created from previous backups
• Can be faster and less bandwidth intensive
— The advantage of a full backup

Backup testing
• It's not enough to perform the backup
— You have to be able to restore
• Disaster recovery testing
— Simulate a disaster situation
— Restore from backup
• Confirm the restoration
— Test the restored application and data
• Perform periodic audits
— Always have a good backup
— Weekly, monthly, quarterly checks

On site vs. off site backups
• On site backups
— No Internet link required
— Data is immediately available
— Generally less expensive than off site
• Off site backups
— Transfer data over Internet or WAN link
— Data is available after a disaster
— Restoration can be performed from anywhere
• Organizations often use both
— More copies of the data
— More options when restoring

Grandfather-father-son (GFS)
• Three separate backup rotations
— Monthly, weekly, daily
• Twelve monthly full backups (grandfather)
— A good choice for offsite storage
• Four (or five) weekly full backups (father)
— Depends on which day of the month is selected
• Thirty-one daily incremental or differential backups (son)
— Back up any daily changes

GFS backup schedule
• Choose a rotation
— Every organization is different
• Grandfather
— Last day of every month
• Father
— Monday
• Son
— Monday through Friday

3-2-1 backup rule
• A popular and effective backup strategy
— For business or home use
• 3 copies of data should always be available
— One primary copy and two backups
• 2 different types of media should be used
— Local drive, tape backup, NAS
• 1 copy of the backup should be offsite
— Offsite storage, cloud backup
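
The restore chains for full, incremental and differential backups and the GFS schedule described above, worked through as an added Python example (not code from the original notes or from Professor Messer). The file set, dates and file names are constructed; gfs_label() assumes the schedule given in the notes (grandfather on the last day of the month, father on Monday, son Monday through Friday).

```python
"""Model the full, incremental and differential strategies from the notes.

Added example, not code from the original notes or from Professor Messer.
A small constructed file set changes over a Monday-to-Thursday week; the
code records what each strategy captures per day and which backup sets a
restore needs. gfs_label() applies the GFS schedule given in the notes.
"""
import calendar
from datetime import date, timedelta

FULL, INCREMENTAL, DIFFERENTIAL = "full", "incremental", "differential"


def run_backups(strategy, daily_states):
    """One backup per day over (day, files) snapshots, files = {path: content}.
    The first day is always a full backup; later days follow the strategy.
    Deletions are not modelled (teaching model only).
    """
    backups = []
    since_full = {}   # file state captured by the last full backup
    since_any = {}    # file state captured by the previous backup of any kind
    for i, (day, files) in enumerate(daily_states):
        if i == 0 or strategy == FULL:
            kind, baseline = FULL, {}
        elif strategy == INCREMENTAL:
            kind, baseline = INCREMENTAL, since_any
        else:
            kind, baseline = DIFFERENTIAL, since_full
        # Keep every file whose content differs from the baseline; an empty
        # baseline means the full backup keeps everything.
        data = {p: c for p, c in files.items() if baseline.get(p) != c}
        backups.append({"day": day, "type": kind, "data": data})
        if kind == FULL:
            since_full = dict(files)
        since_any = dict(files)
    return backups


def restore_chain(backups, target):
    """Backup sets needed to restore to target, oldest first.

    Full: the latest full only. Incremental: the full plus every incremental
    since it. Differential: the full plus only the most recent differential.
    """
    usable = [b for b in backups if b["day"] <= target]
    fulls = [b for b in usable if b["type"] == FULL]
    if not fulls:
        raise ValueError("no full backup on or before the target date")
    base = fulls[-1]
    later = [b for b in usable if b["day"] > base["day"]]
    chain = [base] + [b for b in later if b["type"] == INCREMENTAL]
    differentials = [b for b in later if b["type"] == DIFFERENTIAL]
    if differentials:
        chain.append(differentials[-1])
    return chain


def restore(backups, target):
    """Rebuild the file state by applying the restore chain in order."""
    state = {}
    for b in restore_chain(backups, target):
        state.update(b["data"])
    return state


def gfs_label(day):
    """GFS rotation slot for a date, or None on days with no backup."""
    if (day + timedelta(days=1)).month != day.month:
        return "grandfather"      # last day of every month
    if day.weekday() == 0:
        return "father"           # Monday
    if day.weekday() < 5:
        return "son"              # Monday through Friday
    return None                   # weekend


def gfs_labels_for(year, month):
    """Map every backup day of a month (ISO date string) to its GFS slot."""
    labelled = {}
    for n in range(1, calendar.monthrange(year, month)[1] + 1):
        d = date(year, month, n)
        if gfs_label(d):
            labelled[d.isoformat()] = gfs_label(d)
    return labelled


def sample_week():
    """Constructed Monday-to-Thursday file history (not real data)."""
    monday = date(2022, 5, 2)
    files = {"report.docx": "v1", "budget.xlsx": "v1", "notes.txt": "v1"}
    states = [(monday, dict(files))]
    files["report.docx"] = "v2"                  # Tuesday: one file changes
    states.append((monday + timedelta(days=1), dict(files)))
    files["budget.xlsx"] = "v2"                  # Wednesday: a second file
    states.append((monday + timedelta(days=2), dict(files)))
    files["report.docx"] = "v3"                  # Thursday: report changes again
    states.append((monday + timedelta(days=3), dict(files)))
    return states
```

A Thursday restore needs one set under the full strategy, four under incremental and two under differential, matching the three diagrams above.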

4.4 - Managing Electrostatic Discharge

What is electrostatic discharge?
• Static electricity
— Electricity that doesn't move
• Static electricity isn't harmful to computers
— It's the discharge that gets them
• ESD can be very damaging to computer components
— Silicon is very sensitive to high voltages
• Feel static discharge: ~3,500 volts
— Damage an electronic component: 100 volts or less

Controlling ESD
• Humidity over 60% helps control ESD
— Won't prevent all possible ESD
— Keeping an air conditioned room at 60% humidity isn't very practical
• Use your hand to "self-ground"
— Touch the exposed metal chassis before touching a component
— You'll want to unplug the power connection
— Always. Really.
• Do not connect yourself to the ground of an electrical system!

Preventing static discharge
• Anti-static strap
— Connect your wrist to a metal part of the computer
• Anti-static pad
— A workspace for the computer
• Anti-static mat
— A mat for standing or sitting
• Anti-static bag
— Safely move or ship components

Component handling and storage
• Try not to touch components directly
— Card edges only
• Store in an HVAC regulated environment
— Between 50 and 80 degrees Fahrenheit or 10 to 27 degrees Celsius
• Avoid high humidity
— Silica gel packets can help control humidity
• Store in the original padded box
— Bubble wrap can be a good alternative

4.4 - Safety Procedures

WARNING
• Power is dangerous
• Remove all power sources before working
• Don't touch ANYTHING if you aren't sure
• Replace entire power supply units
— Don't repair internal components
• High voltage
— Power supplies, displays, laser printers

Equipment grounding
• Most computer products connect to ground
— Divert any electrical faults away from people
• Also applies to equipment racks
— Large ground wire
• Don't remove the ground connection
— It's there to protect you
• Never connect yourself to the ground of an electrical system
— This is not a way to prevent ESD

Personal safety
• Lifting technique
— Lift with your legs, keep your back straight
— Don't carry overweight items
— You can get equipment to lift
• Electrical fire safety
— Don't use water or foam
— Use carbon dioxide, FM-200, or other dry chemicals
— Remove the power source
• Safety goggles
— Useful when working with chemicals
— Printer repair, toner, batteries
• Air filter mask
— Dusty computers
— Printer toner

Local government regulations
• Health and safety laws
— Vary widely depending on your location
— Keep the workplace hazard-free
• Building codes
— Fire prevention, electrical codes
• Environmental regulation
— High-tech waste disposal

4.5 - Environmental Impacts

Disposal procedures
• Read your Material Safety Data Sheets (MSDS)
— United States Department of Labor, Occupational Safety and Health Administration (OSHA)
— https://www.osha.gov, Index page
• Provides information for all hazardous chemicals
— Batteries, display devices / CRTs, chemical solvents and cans, toner and ink cartridges
• Sometimes abbreviated as Safety Data Sheet (SDS)
— Different names in each country

MSDS info
• Product and company information
• Composition / ingredients
• Hazard information
• First aid measures
• Fire-fighting measures
• Accidental release / leaking
• Handling and storage
• Much more

Handling toxic waste
• Batteries
— Uninterruptible Power Supplies
— Dispose at your local hazardous waste facility
• Toner
— Recycle and reuse
— Many printer manufacturers provide a return box
— Some office supply companies will provide a discount for each cartridge
• Other devices and assets
— Refer to the MSDS
— Don't throw out without clear directions

Room control
• Temperature
— Devices need constant cooling
— So do humans
• Humidity level
— High humidity promotes condensation
— Low humidity promotes static discharges
— 50% is a good number
• Proper ventilation
— Computers generate heat
— Don't put everything in a closet

Battery backup
• Uninterruptible Power Supply
— Backup power
— Power failures, under-voltage events, surges
• UPS types
— Standby UPS
— Line-interactive UPS
— On-line UPS
• Features
— Auto shutdown, battery capacity, outlets, phone line suppression

Surge suppressor
• Not all power is "clean"
— Self-inflicted power spikes and noise
— Storms, power grid changes
• Spikes are diverted to ground
• Noise filters remove line noise
— Decibel (dB) levels at a specified frequency
— Higher dB is better

Surge suppressor specs
• Joule ratings
— Surge absorption
— 200 = good, 400 = better
— Look for over 600 joules of protection
• Surge amp ratings
— Higher is better
• UL 1449 voltage let-through ratings
— Ratings at 500, 400, and 330 volts
— Lower is better

4.6 - Privacy, Licensing, and Policies

Incident response: Chain of custody
• Control evidence - Maintain integrity
• Everyone who contacts the evidence
— Avoid tampering, use hashes
• Label and catalog everything
— Seal, store, and protect - Use digital signatures

Incident response: First response
• Identify the issue - Logs, in person, monitoring data
• Report to proper channels
— Don't delay
— May include internal management and law enforcement
• Collect and protect information relating to an event
— Many different data sources and protection mechanisms

Incident response: Copy of drive
• Copy the contents of a disk
— Bit-for-bit, byte-for-byte
• Remove the physical drive
— Use a hardware write-blocker
— Preserve the data
• Software imaging tools
— Use a bootable device
• Use hashes for data integrity
— Drive image is hashed to ensure that data has not been modified
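
The copy-of-drive step above (bit-for-bit copy, hash to prove the data has not been modified) together with the chain-of-custody record, as an added Python example that is not code from the original notes or from Professor Messer. The sample drive bytes, the evidence ID, the handler names and the fields of the custody record are constructed assumptions for illustration.

```python
"""Bit-for-bit imaging with hash verification and a chain-of-custody record.

Added example, not code from the original notes or from Professor Messer.
The "drive" is a constructed byte string so this runs offline; the custody
record fields are an assumption for illustration, not a formal standard.
"""
import hashlib
import io
from datetime import datetime, timezone

CHUNK = 4096  # read size; a real image would use the device block size

# Constructed stand-in for a small drive: a 512-byte sector ending in the
# 0x55AA boot signature, a user file, then unused space. It is larger than
# CHUNK so the copy loop below runs several times.
SAMPLE_DRIVE = (b"\x00" * 510 + b"\x55\xaa"
                + b"Quarterly report - CONFIDENTIAL\n" * 200
                + b"\x00" * 6000)


def hash_bytes(data):
    """SHA-256 of a byte string as a hex digest."""
    return hashlib.sha256(data).hexdigest()


def image_drive(src, dst):
    """Copy src to dst byte for byte, hashing exactly the bytes copied.

    Hashing while copying reads the source only once, which matters for a
    large or failing drive sitting behind a write-blocker. The source stream
    is never written to. Returns (bytes_copied, sha256_hex).
    """
    h = hashlib.sha256()
    copied = 0
    for block in iter(lambda: src.read(CHUNK), b""):
        h.update(block)
        dst.write(block)
        copied += len(block)
    return copied, h.hexdigest()


def verify_image(dst, expected_hash):
    """Re-read the finished image and compare it with the source hash."""
    dst.seek(0)
    h = hashlib.sha256()
    for block in iter(lambda: dst.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest() == expected_hash


class CustodyLog:
    """Append-only record of who handled the evidence, when, and its hash."""

    def __init__(self, evidence_id):
        self.evidence_id = evidence_id
        self.entries = []

    def record(self, action, handler, image_hash, when=None):
        when = when or datetime.now(timezone.utc)
        self.entries.append({
            "evidence_id": self.evidence_id,
            "action": action,
            "handler": handler,
            "sha256": image_hash,
            "timestamp": when.isoformat(),
        })

    def intact(self):
        """True when every hand-off recorded the same hash; a different hash
        at any step means the evidence was altered between two handlers."""
        return len({e["sha256"] for e in self.entries}) == 1


def acquire(evidence_id, drive_bytes, examiner):
    """Image a drive, verify the copy, and open its chain-of-custody log."""
    src, dst = io.BytesIO(drive_bytes), io.BytesIO()
    copied, src_hash = image_drive(src, dst)
    log = CustodyLog(evidence_id)
    log.record("acquired image", examiner, src_hash)
    return {
        "bytes": copied,
        "sha256": src_hash,
        "verified": verify_image(dst, src_hash),
        "image": dst.getvalue(),
        "log": log,
    }


if __name__ == "__main__":
    r = acquire("EV-0001", SAMPLE_DRIVE, "Examiner A")
    print(f"{r['bytes']} bytes imaged, SHA-256 {r['sha256']}, verified={r['verified']}")
    for e in r["log"].entries:
        print(e)
```

Flipping a single bit in the image changes its hash, so a later hand-off that records the altered hash breaks the custody log's intact() check.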
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4.6 - Privacy, Licensing, and Policies (continued) 


Incident response: Documentation 
e Document the findings 
— For Internal use, legal proceedings, etc. 
e Summary information 
— Overview of the security event 
e Detailed explanation of data acquisition 
— Step-by-step method of the process 


e The findings - An analysis of the data 


e Conclusion - Professional results, given the analysis 


Software licenses 
e Most software includes a license 
— Terms and conditions 


— Overall use, number of copies, and backup options 


e Valid licenses 
— Per-seat or concurrent 


e Non-expired licenses 
— Ongoing Subscriptions 
— Annual, three-year, etc. 
— Use the software until the expiration date 


Licenses 
e Personal license 
— Designed for the home user 
— Usually associated with a single device 
— Or small group of devices owned 
by the same person 
— Perpetual (one time) purchase 


e Corporate use license 
— Per-seat purchase / Site license 
— The software may be installed everywhere 
— Annual renewals 


Open source license 
e Free and Open Source (FOSS) 
— Source code is freely available 
— End user can compile their own executable 


e Closed source / Commercial 
— Source code is private 
— End user gets compiled executable 


e End User Licensing Agreement (EULA) 
— Determines how the software can be used 


Regulating credit card data 
e Payment Card Industry 
— Data Security Standard (PCI DSS) 
— A standard for protecting credit cards 


e Six control objectives 


— Build and Maintain a Secure Network and Systems 


— Protect Cardholder Data 


— Maintain a Vulnerability Management Program 


— Implement Strong Access Control Measures 
— Regularly Monitor and Test Networks 
— Maintain an Information Security Policy 


Personal government-issued information 
e Used for government services and documentation 
— Social security number, driver license 


e There may be restrictions on collecting or storing 
government information - Check your local regulations 


e U.S. Office of Personnel Management (OPM) 
— Compromised personal identifiable information 
— Personnel file information; name, SSN, date of birth, 
job assignments, etc. 
— July 2015 - Affected ~21.5 million people 


PII - Personally identifiable information
• Any data that can identify an individual
— Part of your privacy policy - How will you handle PII?
• Not everyone realizes the importance of this data
— It becomes a “normal” part of the day
— It can be easy to forget its importance
• Attackers use PII to gain access or impersonate
— Bank account information
— Answer badly-written password-reset questions


GDPR - General Data Protection Regulation
• European Union regulation
— Data protection and privacy for individuals in the EU
— Name, address, photo, email address, bank details, posts on social networking websites, medical information, a computer's IP address, etc.
• Controls export of personal data
— Users can decide where their data goes
• Gives individuals control of their personal data
— A right to be forgotten, right of erasure
• Site privacy policy
— Details all of the privacy rights for a user


PHI - Protected Health Information
• Health information associated with an individual
— Health status, health care records, payments for health care, and much more
• Data between providers
— Must maintain similar security requirements
• HIPAA regulations
— Health Insurance Portability and Accountability Act of 1996


Data retention requirements
• Keep files that change frequently for version control
— Files change often - Keep at least a week, perhaps more
• Recover from virus infection
— Infection may not be identified immediately
— May need to retain 30 days of backups
• Often legal requirements for data retention
— Email storage may be required over years
— Some industries must legally store certain data types
— Different data types have different storage requirements
— Corporate tax information, customer PII, tape backups, etc.
4.7 - Communication

Communication skills
• One of the most useful skills for the troubleshooter
• One of the most difficult skills to master
• A skilled communicator is incredibly marketable

Avoid jargon
• Abbreviations and TLAs
— Three Letter Acronyms
• Avoid acronyms and slang
— Be the translator
• Communicate in terms that everyone can understand
— Normal conversation puts everyone at ease
— Decisions are based on what you say
• These are the easiest problems to avoid

Maintain a positive attitude
• Positive tone of voice
— Partner with your customer
— Project confidence
• Problems can't always be fixed
— Do your best
— Provide helpful options
• Your attitude has a direct impact on the overall customer experience

Avoid interrupting
• But I know the answer!
• Why do we interrupt?
— We want to solve problems quickly
— We want to show how smart we are
• Actively listen, take notes
— Build a relationship with the customer
— They'll need help again someday
— Don't miss a key piece of information
— Especially useful on the phone
• This skill takes time to perfect
— The better you are, the more time you'll save later


Clarify customer statements
• Ask pertinent questions
— Drill down into the details
— Avoid an argument
— Avoid being judgmental
• Repeat your understanding of the problem back to the customer
— Did I understand you correctly?
• Keep an open mind
— Ask clarifying questions, even if the issue seems obvious
— Never make assumptions

Setting expectations
• Offer different options
— Repair or replace
• Document everything
— No room for questions
• Keep everyone informed
— Even if the status is unchanged
• Follow up afterwards
— Verify satisfaction


4.7 - Professionalism

Professional appearance
• Match the attire of the current environment
— Everyone should feel comfortable about their dress
• Formal
— Some organizations have specific requirements
• Business casual
— A more relaxed style
• Find the right balance
— Follow the organization's lead

Avoid being judgmental
• Cultural sensitivity
— Use appropriate professional titles
• You're the teacher
— Not the warden
— Leave insults on the playground
• Make people smarter
— They'll be better technologists
• You're going to make some BIG mistakes
— Remember them.


Be on time and avoid distractions
• Don't allow interruptions
— No personal calls, no texting, no Twitter
— Don't talk to co-workers
• Apologize for delays and unintended distractions
• Create an environment for conversation
— In person: open and inviting (a candy bowl can be magical)
— On the phone: quiet background, clear audio, stay off the speakerphone
4.7 - Professionalism (continued)

Difficult situations
• Technical problems can be stressful
• Don't argue or be defensive
— Don't dismiss
— Don't contradict
• Defuse a difficult situation with listening and questions
— Relationship-building
• Communicate
— Even if there's no update
• Never take the situation to social media

Maintain confidentiality
• Privacy concerns
— Sensitive information
— Both professional and private
— On the computer, desktop, or printer
• Professional responsibilities
— IT professionals have access to a lot of corporate data
• Personal respect
— Treat people as you would want to be treated


4.8 - Scripting Languages

Scripting languages
• Automate with the right tools
— The script should match the requirement
• May be specific to a task or operating system
— Your choices may already be limited
• You will probably learn more than one of these
— An important skill for any technician

Batch files
• .bat file extension
— Scripting for Windows at the command line
— Legacy goes back to DOS and OS/2

Windows PowerShell
• Command line for system administrators
— .ps1 file extension
— Included with Windows 8/8.1 and 10
• Extend command-line functions
— Uses cmdlets (command-lets)
— PowerShell scripts and functions
— Standalone executables
• Automate and integrate
— System administration
— Active Directory administration

Microsoft Visual Basic Scripting Edition
• VBScript
— .vbs file extension
• General purpose scripting in Windows
— Back-end web server scripting
— Scripting on the Windows desktop
— Scripting inside of Microsoft Office applications

Shell script
• Scripting the Unix/Linux shell
— Automate and extend the command line
• Starts with a shebang or hash-bang (#!)
— Often has a .sh file extension

JavaScript
• Scripting inside of your browser
— .js file extension
• Adds interactivity to HTML and CSS
— Used on almost every web site
• JavaScript is not Java
— Different developers and origins
— Very different use and implementation

Python
• General-purpose scripting language
— .py file extension
• Popular in many technologies
— Broad appeal and support


Example shell script:

#!/bin/sh

# Add the first input string
INPUT_STRING=hello

# Keep looping while the string isn't equal to bye
while [ "$INPUT_STRING" != "bye" ]
do
    echo "Please type something in (bye to quit)"
    read INPUT_STRING
    echo "You typed: $INPUT_STRING"
done


© 2022 Messer Studios, LLC Professor Messer’s CompTIA 220-1102 A+ Course Notes - Page 54 https://www.ProfessorMesser.com 


4.8 - Scripting Use Cases

Basic automation
• Automate tasks
— You don't have to be there
— Solve problems in your sleep
— Monitor and resolve problems before they happen
• The need for speed
— The script is as fast as the computer
— No typing or delays
— No human error
• Automate mundane tasks
— You can do something more creative

Restarting machines
• Turning it off and back on again
— An important task
• Application updates
— Some apps require a system restart
• Security patches
— Deploy overnight and reboot the system
• Troubleshooting
— The once-a-day restart
— You may not have physical access

Remapping network drives
• Shared network drives
— The link between the user and their data
• A common task during startup
— Login scripts provide the connection
• Automate software changes
— Map a drive to the repository
• Add or move user data
— Automate the process

Application installations
• Install applications automatically
— Don't walk a flash drive to every computer
— Many applications have an automated installation process
— Scripting can turn this into a hands-off process
• On-demand or automatic installation scripts
— Map the application installation drive
— Install the application without user prompts
— Disconnect the drive
— Restart the system


Automated backups
• Usually performed at night or during off-hours
— Get a copy of all important data
• Time consuming
— File systems, network connections
• Script an automated backup process
— Works while you sleep
— Don't have to think about it

Information gathering
• Get specific information from a remote device
— Monitoring and reporting
• Performance monitoring
— Confirm proper operation of a device
• Inventory management
— Check the hardware or software configuration
• Security and vulnerability checks
— Check for certain application or library versions
— Plan for the latest patches
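An added example of the "security and vulnerability checks" use case, not from the course notes: a POSIX shell script that compares a software inventory against a baseline of minimum patched versions and reports what needs patching. The functions vercmp and check_versions, the baseline and the inventory lines are all constructed for this demonstration.

```shell
#!/bin/sh
# Added example, not from the course notes: the "security and vulnerability
# checks" use case as a script. Inventory, baseline and versions are made up.

# Compare two dotted version strings; prints -1, 0 or 1 for a<b, a==b, a>b.
# Components are compared numerically; a missing component counts as 0.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# Read "host package version" lines on stdin and report each package older
# than the minimum in the baseline file ("package minversion").
# Prints one line per finding; the return code is the number of findings.
check_versions() {
    baseline=$1
    count=0
    while read -r host pkg ver; do
        min=$(awk -v p="$pkg" '$1 == p { print $2 }' "$baseline")
        if [ -z "$min" ]; then continue; fi   # package not in the baseline
        if [ "$(vercmp "$ver" "$min")" -lt 0 ]; then
            echo "OUTDATED: $host $pkg $ver (minimum $min)"
            count=$((count + 1))
        fi
    done
    return "$count"
}

# Constructed baseline of minimum patched versions (not real advisory data).
BASELINE=$(mktemp)
printf '%s\n' 'openssl 3.0.10' 'curl 8.4.0' 'sudo 1.9.15' > "$BASELINE"
# Constructed inventory, as a collection script would gather it from each host.
INVENTORY='ws01 openssl 3.0.10
ws01 curl 7.88.1
ws02 openssl 1.1.1
ws02 sudo 1.9.15
ws02 vim 9.0'

echo "$INVENTORY" | check_versions "$BASELINE" || echo "$? package(s) need patching"
```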


Initiating updates
• Nothing ever stays the same
— Constant changes and updates
• Operating systems
— New features
— Security patches
• Device drivers
— Bug fixes
— New hardware or OS support
• Applications
— New version rollouts

Other scripting considerations
• Unintentionally introducing malware
— Make sure you know what you're installing
• Inadvertently changing system settings
— Test all updates
— Track the file and registry changes
• Browser or system crashes
— Mishandling of resources
— A single character in a script can have unintended consequences
— Always have a backup
— Always test before deployment
4.9 - Remote Access

Remote desktop connections
• Share a desktop from a remote location
— It's like you're right there
• RDP (Microsoft Remote Desktop Protocol)
— Clients for Mac OS, Linux, and others as well
• VNC (Virtual Network Computing)
— Remote Frame Buffer (RFB) protocol
— Clients for many operating systems
— Many are open source
• Commonly used for technical support
— And for scammers

Remote desktop security
• Microsoft Remote Desktop
— An open port of tcp/3389 is a big tell
— Brute force attacks are common
• Third-party remote desktops
— Often secured with just a username and password
— There's a LOT of username/password re-use
• Once you're in, you're in
— The desktop is all yours
— Easy to jump to other systems
— Obtain personal information, bank details
— Make purchases from the user's browser

VPNs
• Virtual Private Networks
— Encrypted (private) data traversing a public network
• Concentrator
— Encryption/decryption access device
— Often integrated into a firewall
• Many deployment options
— Specialized cryptographic hardware
— Software-based options available
• Used with client software
— Sometimes built into the OS

Client-to-site VPN
• On-demand access from a remote device
— Software connects to a VPN concentrator
• Some software can be configured as always-on

[Diagram: remote user connecting through a VPN concentrator]
VPN security
• VPN data on the network is very secure
— The best encryption technologies
• Authentication is critical
— An attacker with the right credentials can gain access
• Almost always includes multi-factor authentication (MFA)
— Require more than just a username and password

SSH (Secure Shell)
• Encrypted console communication - tcp/22
• Looks and acts the same as Telnet - tcp/23

SSH security
• The network traffic is encrypted
— Nothing to see in the packets
• Authentication is a concern
— SSH supports public/private key pair authentication
• Certain accounts should be disabled in SSH
— For example, root
— Consider removing all password-based authentication
• Limit access to SSH by IP address
— Configure a local firewall or network filter
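An added check for the SSH hardening points above, not part of the course notes: a POSIX shell script that audits an sshd_config file for root login, password authentication and an AllowUsers source restriction. The functions sshd_setting and audit_sshd_config and both sample config files are constructed for this demonstration.

```shell
#!/bin/sh
# Added example, not from the course notes: audit an sshd_config file for
# the hardening points above. Both config files below are constructed.

# Effective value of a top-level sshd_config keyword. sshd uses the first
# occurrence it reads; lines inside a Match block are skipped here.
sshd_setting() {
    awk -v key="$2" '
        tolower($1) == "match" { inmatch = 1 }
        !inmatch && !found && tolower($1) == tolower(key) { val = $2; found = 1 }
        END { print val }
    ' "$1"
}

# Print one line per weak setting; the return code is the number of findings.
audit_sshd_config() {
    findings=0
    v=$(sshd_setting "$1" PermitRootLogin)
    # Unset defaults to prohibit-password; the notes want root disabled outright.
    if [ "$v" != "no" ]; then
        echo "WEAK: PermitRootLogin is '${v:-unset}', expected 'no'"
        findings=$((findings + 1))
    fi
    v=$(sshd_setting "$1" PasswordAuthentication)
    # Unset defaults to yes, so an absent keyword is also a finding.
    if [ "$v" != "no" ]; then
        echo "WEAK: PasswordAuthentication is '${v:-unset}', expected 'no'"
        findings=$((findings + 1))
    fi
    # Source restriction: AllowUsers user@host accepts CIDR host patterns.
    if [ -z "$(sshd_setting "$1" AllowUsers)" ]; then
        echo "NOTE: no AllowUsers entry; confirm a host firewall limits tcp/22 by source"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample configs: one weak, one hardened (with a Match block).
WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'PasswordAuthentication yes' > "$WEAK_CFG"
printf '%s\n' 'Port 22' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'PubkeyAuthentication yes' 'AllowUsers admin@203.0.113.0/24' \
    'Match User backup' '    PasswordAuthentication yes' > "$HARD_CFG"

for cfg in "$WEAK_CFG" "$HARD_CFG"; do
    echo "== $cfg"
    audit_sshd_config "$cfg" && echo "OK: all checks passed"
done
```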


RMM
• Managed Service Providers (MSP)
— Many customers and systems to monitor
— Many different service levels
• Remote Monitoring and Management (RMM)
— Manage a system from a remote location
• Many features
— Patch operating systems
— Remote login
— Anomaly monitoring
— Hardware/software inventory
4.9 - Remote Access (continued)

RMM security
• A popular attack point
• The RMM has a great deal of information and control
• Access should be limited
— Don't allow everyone to connect to the RMM service
• Auditing is important
— Know who's connecting to which devices and what they're doing

Microsoft Remote Assistance (MSRA)
• Get access to a remote user's desktop
— No firewall configurations or port forwarding required
• User makes a request
— Sends an invitation with the details
• Technician connects
— Uses the password in the request
• Replaced by Quick Assist in Windows 10
— The latest version of MSRA
MSRA/Quick Assist security
• No ongoing Remote Desktop service required
— Avoids unintended access
— No port forwarding
• Email with invitation details is always a concern
— Consider using voice communication
• Perhaps a bit too easy to use
— Social engineering can be an issue

Third-party tools
• Screen-sharing
— See and control a remote device
— GoToMyPC, TeamViewer
• Video-conferencing
— Multi-user meetings with video and audio
— Zoom, WebEx
• File transfer
— Store and share documents in the cloud
— Dropbox, Box.com, Google Drive
• Desktop management
— Manage end-user devices and operating systems
— Citrix Endpoint Management, ManageEngine Desktop Central
topics from a wide range of technologies.
To pass your exam, you'll need to be familiar 
with computer hardware, mobile devices, 
networking, and much more. 


The Professor Messer Course Notes 
combine all of these important details into a 
comprehensive summary. These Course Notes 
include all of the important text, charts, 
pictures, and tables from Professor Messer's 